WordPress Image Metadata Cruncher plugin suffers from multiple cross site scripting vulnerabilities.
03374629cb90ac9ad07c551d52888620730e4229b15078ab8e1bc32f5ad9f8bd#####################################
Title:- XSS In Image-Metadata-Cruncher
Author: Kaustubh G. Padwad
Product: image-metadata-cruncher
pluginURL:https://wordpress.org/plugins/image-metadata-cruncher/
Severity: Medium
Auth: Requierd
# Description:
Vulnerable Parameter:
Alternate text:
Caption:
Custom image meta tags:
# Vulnerability Class:
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))
# About Vulnerability: This plugin is vulnerable to reflected XSS.
#Steps to Reproduce: (POC):
After installing plugin
Enter this URL
1. Login to wordpress
Navigate to this URL
2.http://localhost/wordpress/wp-admin/plugins.php?page=image_metadata_cruncher-options&settings-updated=true
The follwing fileds are vulabrable to XSS
Alternate text: Need to paste the payload this prevent from typing script
Caption: Need to paste the payload this prevent from typing script
Custom image meta tags: Need to paste the payload this prevent from typing script
#Impact
This vulnablerbility can be tricked using CSRF and can use xss to steal tthe cookie,creadintial code execution etc.
# Disclosure:
1-feb-2015 Repoerted to Developer
2-Feb-2015 Acknodlagement from Developer
8-feb-2015 Ask update from developer
13-feb-2015 Inform developer about Public discloser with confirmation of patching this in next realese
14-feb-2015 Inform to Bugtraq,Public Disclose
#credits:
Kaustubh Padwad
Information Security Researcher
kingkaustubh@me.com
https://twitter.com/s3curityb3ast
http://breakthesec.com
https://www.linkedin.com/in/kaustubhpadwad
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed