Topol

WordPress Count per Day Plugin 3.2.3 XSS Vulnerability

Aug 29th, 2012
###################################################################################

# Exploit Title: WordPress Count per Day Cross Site Scripting Vulnerability
#
# Google Dork:inurl:/wp-content/plugins/count-per-day
#
# Date: 08/24/2012
#
# Author: Crim3R
#
# Version 3.2.3
#
# Vendor Home : http://downloads.wordpress.org/plugin/count-per-day.3.2.3.zip
#
# Tested on: all
#
###################################################################################

$
$ Author will not be responsible for any damage.
$
###################################################################################


========================================
First, notes.php is not restricted to admins and anyone can access it directly by
browser => an attacker can add notes, which
can contain HTML code => it's stored XSS

Go to WP-path/wp-content/plugins/count-per-day/notes.php
In the notes section add HTML code and click Add

D3M0 :
http://www.christinedesavino.com/blog/wp-content/plugins/count-per-day

http://www.dhakadakshinghsc.com/wp-content/plugins/count-per-day/

www.watansport.net/ara/wp-content/plugins/count-per-day/


===============Crim3R@Att.Net===========

$home = %00
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir
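
For site owners checking whether the unrestricted notes.php described above was reached on their own install, the following is an added example, not part of the original advisory. It assumes the Apache/nginx "combined" access-log format and an operator-supplied set of known admin addresses (`admin_ips`); the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Plugin path named in the advisory; a site prefix such as /blog may precede it.
NOTES_PATH = "/wp-content/plugins/count-per-day/notes.php"

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation-range addresses), not real traffic.
_P = "/blog/wp-content/plugins/count-per-day/notes.php"
SAMPLE_LOG = [
    f'203.0.113.7 - - [29/Aug/2012:10:01:02 +0000] "GET {_P} HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - [29/Aug/2012:10:01:40 +0000] "POST {_P} HTTP/1.1" 200 5300 "-" "Mozilla/5.0"',
    f'198.51.100.20 - - [29/Aug/2012:10:03:00 +0000] "POST {_P} HTTP/1.1" 200 5300 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [29/Aug/2012:10:05:00 +0000] '
    '"GET /blog/wp-content/plugins/count%2Dper%2Dday/notes.php?x=1 HTTP/1.1" 403 199 "-" "curl/7.26"',
    '192.0.2.44 - - [29/Aug/2012:10:05:09 +0000] "GET /blog/index.php HTTP/1.1" 200 900 "-" "curl/7.26"',
]

def triage(lines, admin_ips=frozenset()):
    """Map each non-admin client IP to its requests for notes.php."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] in admin_ips:
            continue
        # Drop the query string and decode percent-encoding before comparing.
        path = unquote(m["target"].split("?", 1)[0])
        if path.endswith(NOTES_PATH):
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def note_writers(hits):
    """IPs with a non-error POST to notes.php: a note may have been stored."""
    return sorted(
        ip for ip, reqs in hits.items()
        if any(meth == "POST" and 200 <= status < 400 for _, meth, status in reqs)
    )

if __name__ == "__main__":
    found = triage(SAMPLE_LOG, admin_ips={"198.51.100.20"})
    for ip in note_writers(found):
        print(ip, found[ip])
```

Any address returned by `note_writers` warrants reviewing the stored notes for HTML markup before an administrator next opens the notes view.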