Ticket 11289 wordpress hosting
# Exploit Title: Reflected Cross Site Scripting in wordpress 3.3
# Google Dork: "Proudly powered by WordPress"
# Date: 2.Jan.2012
# Author: Aditya Modha, Samir Shah
# Software Link: www.wordpress.org/download/
# Version: 3.3
# Tested on: apache
# CVE. Nope.
Step 1: Post a comment to the target website
Step 2: Replace the value of author tag, email tag, comment tag with the exact value of what has been post in the last comment. Change the value of comment_post_ID to the value of post (which can be known by opening that post and checking the value of p parameter in the url). For example the if the url is 192.168.1.102/wordpress/?p=6 then the value of comment_post_ID is 6.
Step 3: Publish the above html file on the web server and access it. Click on "Click Me" button. This will try to post the comment to wordpress which will flag this comment as duplicate comment with the 500 Internal server error response. Here our XSS payload will get executed. Check wordpress_3.3_xss.jpg file.
Step 4: The response code where XSS payload reflects is given below
–>
Duplicate comment detected; it looks as though you’ve already said that!