[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability
From: sn@xxxxxx
Date: Wed, 11 Feb 2015 17:51:11 GMT

============================================================
- Title: Ninja Forms WordPress Plugin Multiple Cross-Site Scripting 
Vulnerability
- Vulnerable Version: 2.8.8 and probably prior
 -Tested Version:2.8.8
 - Vendor Notification: 20 November 2014
 - Vendor Patch: 20 November 2014
 -Vulnerability Type: Cross-Site Scripting [CWE-79]
 -CVE Reference: TBC
- Discovered by: Sergio Navarro of Dionach
- - ============================================================

VULNERABILITY
Two XSS vulnerabilities have been discovered in Ninja Forms WordPress plugin 
which can be exploited against administrators of WordPress (with the vulnerable 
plugin) to perform Cross-Site Scripting
1)      Reflected XSS
The issue was found in the success notification message that the Ninja Forms 
plugin displays in users? browser after users submit their details successfully 
through the plugin contact form. Anonymous attackers could use the 
vulnerability to take control of the victim?s browser or steal other users' 
sessions and so access their personal details.
Proof of concept:
POST 
http://www.example.com/wp-admin/admin-ajax.php?action=ninja_forms_ajax_submit 
[?]
ninja_forms_field_1=<b onmouseover=alert('XSS!')>TEST</b>
[?]

--------------------------------------------------------------------------------------------------------------------------------------
2)Stored XSS
This issue was exploited when administrator users with access to the Ninja 
Forms submissions list attempt to edit the user submitted values. A malicious 
administration can hijack other users? session, take control of another 
administrator?s browser or install malware on their computer.
Proof of concept:
POST http://www.example.com/wp-admin/post.php 
fields[1]=<b+onmouseover=alert('XSS!')>TEST</b> 
-===========================================================================
SOLUTION:
Update to Ninja Forms 2.8.11 which includes a fix for this vulnerability 
-===========================================================================
Credits: Sergio Navarro of Dionach

Prev by Date: [SECURITY] [DSA 3160-1] xorg-server security update
Next by Date: [SECURITY] [DSA 3161-1] dbus security update
Previous by thread: [SECURITY] [DSA 3160-1] xorg-server security update
Next by thread: [SECURITY] [DSA 3161-1] dbus security update
Index(es):
- Date
- Thread