WordPress Social Hashtag plugin version 2.0.0 suffers from a cross site scripting vulnerability.
7bf7ae4b6feba80a69e7d845f070293668773ceb1f16c07383517dbebe7de626
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# Exploit Title: WordPress Social Hashtag 2.0.0 Cross Site Scripting
# Date: 2013 2 October
# Author: Arsan
# Software Link: https://wordpress.org/plugins/social-hashtags/
# Version : 2.0.0
# Tested on: Linux & Windows
# Category: webapps
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Exploit :
#
# [-] Description :
#
# 1) Download "Social Hashtag" And Install
# 2) Go To "Add New Post" :
# Social Hashtags > Add New
# 3) Insert In "title" This Code And Save :
# "><script>alert(/Arsan/)</script>
# 4) And Try To See Your Post; Follow Link :
# https://localhost/wp/social/
#
# [You See Alert "Arsan"] ~> ;)
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Contact Me :
#
# Arsan.Blackhat@gmail.com
# Twitter.com/ArsanBlackhat
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
# I L0ve Inj3ct0r Team
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#