[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XSS in answer my question plugin

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS in answer my question plugin
From: marcelavbx@xxxxxxxxx
Date: Sun, 4 Nov 2012 04:15:11 GMT

#############################
Exploit Title : Answer my question wordpress plugin Multiple Cross-Site 
Scripting Vulnerabilities
Author:Marcela Benetrix
home:www.girlinthemiddle.net
Date: 09/19/12
version: 1.1
software link:http://wordpress.org/extend/plugins/answer-my-question/

#############################
Answer my question plugin description

This plugin allows users to ask question to the blog administrator in an easy, 
simple way with a minimalistic and friendly design.It uses php and mysql to 
store the questions.

##########################
XSS location

The problem is located in the file: record_my_question.php which user's input 
are not sanitized.

This plugin displays a form with many fields to fill in. 2 of them are 
vulnerable to PERSISTENT cross site scripting. The vulnerable fields are:

* name 
* subject

Via post, we can send malicious code in order to steal cookies, access to 
sensitive information, do a web application defacement to every single user 
that visits the poisoned profile.
##########################
Vendor Notification

09/28/2012 to: the developer.  He replied immediately and fixed the problem.
posted in plugin track repository http://plugins.trac.wordpress.org/ticket/1576
Because of it, a new version has been released

Prev by Date: iCompel Digital Signage risks
Next by Date: VideoLAN VLC Media Player <= 2.0.4 Crash Bug
Previous by thread: iCompel Digital Signage risks
Next by thread: VideoLAN VLC Media Player <= 2.0.4 Crash Bug
Index(es):
- Date
- Thread