|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
|[*] Exploit Title: WordPress Banner Effect Header 1.2.6 Plugin XSS, CSRF Vulnerability |
|[*] Date : 2015-01-02 |
|[*] Exploit Author: Ashiyane Digital Security Team |
|[*] Vendor Homepage : https://wordpress.org/plugins/banner-effect-header/ |
|[*] Plugin Link : https://downloads.wordpress.org/plugin/banner-effect-header.zip |
|[*] Tested on: Windows 7 |
|[*] Discovered By : Mahdi.Hidden |
|-------------------------------------------------------------------------|
|
|[*] Location : http://[localhost]/[path]/wp-admin/options-general.php?page=BannerEffectOptions |
|-------------------------------------------------------------------------|
Exploit Code:
|-------------------------------------------------------------------------|
| This is CSRF & XSS
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|