[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher
- From: kingkaustubh@xxxxxx
- Date: Sun, 15 Feb 2015 07:08:01 GMT
#####################################
Title:- XSS In Image-Metadata-Cruncher
Author: Kaustubh G. Padwad
Product: image-metadata-cruncher
pluginURL:https://wordpress.org/plugins/image-metadata-cruncher/
Severity: Medium
Auth: Requierd
# Description:
Vulnerable Parameter:
Alternate text:
Caption:
Custom image meta tags:
# Vulnerability Class:
Cross Site Scripting
(https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))
# About Vulnerability: This plugin is vulnerable to reflected XSS.
#Steps to Reproduce: (POC):
After installing plugin
Enter this URL
1. Login to wordpress
Navigate to this URL
2.http://localhost/wordpress/wp-admin/plugins.php?page=image_metadata_cruncher-options&settings-updated=true
The follwing fileds are vulabrable to XSS
Alternate text: Need to paste the payload this prevent from typing script
Caption: Need to paste the payload this prevent from typing script
Custom image meta tags: Need to paste the payload this prevent from typing
script
#Impact
This vulnablerbility can be tricked using CSRF and can use xss to steal tthe
cookie,creadintial code execution etc.
# Disclosure:
1-feb-2015 Repoerted to Developer
2-Feb-2015 Acknodlagement from Developer
8-feb-2015 Ask update from developer
13-feb-2015 Inform developer about Public discloser with confirmation of
patching this in next realese
14-feb-2015 Inform to Bugtraq,Public Disclose
#credits:
Kaustubh Padwad
Information Security Researcher
kingkaustubh@xxxxxx
https://twitter.com/s3curityb3ast
http://breakthesec.com
https://www.linkedin.com/in/kaustubhpadwad