* Discovery Date: 2016-02-10
* Exploit Author: Panagiotis Vagenas
* Author Link: https://twitter.com/panVagenas
* Vendor Homepage: https://plugin-planet.com/
* Software Link: https://wordpress.org/plugins/
* Version: 20151113
* Tested on: WordPress 4.4.2
* Category: WebApps, WordPress
Description
-----------
_User Submitted Posts_ plugin for WordPress suffers from a XSS
vulnerability. The `user-submitted-content` field of the new post
submission form is not properly sanitized, thus allowing users to
include JS code to submitted post content.
Normally only users with `unfiltered_html` capability are allowed to
include JS code to post content. By default Administrators or Super
Administrators have this capability, so this is considered as Persistent
XSS vulnerability.
PoC
---
1. Submit the form inserting JS code to post content
2. View the newly created post
3. JS code is executed
Solution
--------
Upgrade to v20160215
Timeline
--------
1. **2016-02-10**: Vendor notified via contact form at his website
2. **2016-02-10**: Vendor responded and received details about the issue
3. **2016-02-14**: Vendor released version 20160215
User Submitted Posts [Persistent XSS].md
* Exploit Title: User Submitted Posts [Persistent XSS]
* Discovery Date: 2016-02-10
* Exploit Author: Panagiotis Vagenas
* Author Link: https://twitter.com/panVagenas
* Vendor Homepage: https://plugin-planet.com/
* Software Link: https://wordpress.org/plugins/
* Version: 20151113
* Tested on: WordPress 4.4.2
* Category: WebApps, WordPress
Description
-----------
_User Submitted Posts_ plugin for WordPress suffers from a XSS
vulnerability. The `user-submitted-content` field of the new post
submission form is not properly sanitized, thus allowing users to
include JS code to submitted post content.
Normally only users with `unfiltered_html` capability are allowed to
include JS code to post content. By default Administrators or Super
Administrators have this capability, so this is considered as Persistent
XSS vulnerability.
PoC
---
1. Submit the form inserting JS code to post content
2. View the newly created post
3. JS code is executed
Solution
--------
Upgrade to v20160215
Timeline
--------
1. **2016-02-10**: Vendor notified via contact form at his website
2. **2016-02-10**: Vendor responded and received details about the issue
3. **2016-02-14**: Vendor released version 20160215
Komentarų nėra:
Rašyti komentarą