# Exploit Title: Wordpress-Beer Recipes v.1.0 XSS
# Google Dork :-
# Date: June/25/2011
# Author: TheUzuki.
# Software Link: http://opensourcebrew.org/beer-recipes-plugin/
# Version: v.1.0
# Tested on: Windows 7
# CVE :-
####################################################################
# SIESTTA 2.0 (LFI/XSS) Multiple Vulnerabilities
# Download: http://opensourcebrew.org/beer-recipes-plugin/
#
# Author: TheUzuki. from HF
# Mail: uzuki [@] live [dot] de
#
#
# This was written for educational purposes. Use it at your own risk.
# The author will not be responsible for any damage.
#
####################################################################
#
# Notes: You need to be a user on the WordPress board
#
####################################################################
-- Description of Wordpress Plugin --
Creates a custom post type for easily entering beer recipes into WordPress
-- Exploit --
When a comment containing JavaScript is posted on a beer recipe, the script is executed directly.
This causes an XSS.
-- PoC --
<script>alert(document.cookie)</script>
Solution: Filter
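
One way to apply the "Filter" fix, shown as an added example that is not the Beer Recipes plugin's own code: the function names and sample comments are hypothetical and constructed for illustration. It renders the same comment with and without output encoding and reports whether a script tag survives.

```php
<?php
// Added illustration, not the plugin's code. Function names are hypothetical.

// Constructed sample comments: one benign, one carrying the PoC from this advisory.
$comments = [
    ['author' => 'alice',   'body' => 'Great IPA, I used 20% less hops & it worked.'],
    ['author' => 'mallory', 'body' => '<script>alert(document.cookie)</script>'],
];

// Vulnerable pattern: the comment body is concatenated into the page unchanged,
// so any markup a commenter submits is parsed by the visitor's browser.
function render_comment_unsafe(array $c): string
{
    return '<li><b>' . $c['author'] . '</b>: ' . $c['body'] . '</li>';
}

// Hardened pattern: encode every user-controlled value at output time.
// Inside WordPress the equivalent helper is esc_html(); wp_kses() is the
// option when a small allowlist of tags must remain usable in comments.
function render_comment_safe(array $c): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<li><b>' . $enc($c['author']) . '</b>: ' . $enc($c['body']) . '</li>';
}

// Regression-style check: does an executable tag survive rendering?
function script_tag_survives(string $html): bool
{
    return stripos($html, '<script') !== false;
}

foreach ($comments as $c) {
    $unsafe = render_comment_unsafe($c);
    $safe   = render_comment_safe($c);

    printf("unsafe: %s\nsafe:   %s\n", $unsafe, $safe);
    printf(
        "script tag survives: unsafe=%s safe=%s\n\n",
        script_tag_survives($unsafe) ? 'yes' : 'no',
        script_tag_survives($safe) ? 'yes' : 'no'
    );
}
```

Encoding at output keeps the benign comment readable (the ampersand is shown as typed) while the script tag is displayed as text instead of being executed.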