#Product :Persian-woocommerce-sms
#Exploit Author : Rahul Pratap Singh
#Version :3.3.2
#Home page Link : https://wordpress.org/plugins/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/
#Date : 21/4/2016
XSS Vulnerability:
------------------------------
Description:
------------------------------
"ps_sms_numbers" parameter is not sanitized that leads to XSS
Vulnerability.
------------------------------
Vulnerable Code:
------------------------------
File Name: testfiles/persian-woocommerce-
Found at line:45
value="<?php echo isset($_POST['ps_sms_numbers']
$_POST['ps_sms_numbers'] : '' ?>" style="direction:ltr; text-align:left;
width:700px; max-width:100% !important"/><br/>
------------------------------
Fix:
Update to 3.3.4
Vulnerability Disclosure Timeline:
→ March 14, 2016 – Bug discovered, initial report to Vendor.
→ March 22, 2016 – No Response. Report sent again.
→ March 23, 2016 – WordPress Acknowledged.
→ April 21, 2016 – Full Disclosure.
Pub Ref:
https://0x62626262.wordpress.
https://wordpress.org/plugins/
Komentarų nėra:
Rašyti komentarą