WordPress Redirection plugin versions 2.2.9 and below suffer from a persistent cross site scripting vulnerability.
ab2d18144287f46585dad95c8c266dff06ece77b1a0fd6c6ca81e764c06595a0#Title: Wordpress Redirection Plugin <=2.2.9 Lazy XSS
#Date: 2011-10-05
#Author: dotxed (dotxed(at)googlemail.com @dotxed)
#Software Link: http://wordpress.org/extend/plugins/redirection/
#Version: 2.2.9 (tested)
-----------------------
Info
-----------------------
One feature of the Plugin allows you to log 404-erros on your wordpress
site. The Plugin saves the requested URL, timestamp, IP and the
referrer, which can be seen in the wordpress plugin menu.
------------------------
PoC
-----------------------
The referrer is not santinized proberbly. It allows you to store XSS in
the wordpress backend (affects privileged users only)
Visit a 404-page of the target wordpress Site and change the referrer
to "/><script>alert(1)</script> to place your XSS inside the blog
backend.
-----------------------
Fix
-----------------------
After contacting the writer of this plugin, he rolled out a new version.
Version 2.2.10 is not affected by these XSS issues.
More information can be seen on http://goo.gl/956D7 (only german)
-----------------------
Finally...
-----------------------
Greetings to everyone!
.___ __ .___
__| _/_____/ |____ ___ ____ __| _/
/ __ |/ _ \ __\ \/ // __ \ / __ |
/ /_/ ( <_> ) | > <\ ___// /_/ |
\____ |\____/|__| /__/\_ \\___ >____ |
\/ \/ \/ \/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed