Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

XSS vulnerability in wordpress plugin abc-test

From: Scott Herbert <scott.a.herbert () googlemail com>
Date: Wed, 26 Sep 2012 07:31:47 +0100
This effects version 0.1 of abc-test the hole is fixed in version 0.2

---------
Affected products:
---------

Product : wordpress plugin abc-test
Affected file:   abctest_config.php

----
Details:
----

The file abctest_config.php does not sanitize the input from $_GET ['id']
effectively. This allows a user to launch a cross site scripting attack
against this file. While the effectiveness of such an attack is somewhat
limited by the wordpress platform adding \ to quotes, it still may be
possible to inject cookie stealing objects (flash files for example).

Example code:

http://localhost/blog/wp-admin/admin.php?page=abctest&do=edit&id=%22%3E%3Ch1
%3EXSS%3C/h1

-------
Suggested fix:
-------

Sanitize the $_GET super global.

----
Timeline:
----

24-Sept-2012 Vendor and wordpress informed.
25-Sept-2012 Vendor confirmed the security issue and patched.
26-Sept-2012 Public release of the vulnerability, via the full disclosure
and
http://scott-herbert.com/blog/2012/09/26/xss-vulnerability-in-wordpress-plug
in-abc-test-1107




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: