exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress ABC-Test 0.1 Cross Site Scripting

WordPress ABC-Test 0.1 Cross Site Scripting
Posted Sep 26, 2012
Authored by Scott Herbert

WordPress ABC-Test plugin version 0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9fa0057ada1da700fbdc590dfebe6a5118a65cf4f8a88e073ae0a90928d88e9c

WordPress ABC-Test 0.1 Cross Site Scripting

Change Mirror Download
This effects version 0.1 of abc-test the hole is fixed in version 0.2

---------
Affected products:
---------

Product : wordpress plugin abc-test
Affected file: abctest_config.php

----
Details:
----

The file abctest_config.php does not sanitize the input from $_GET ['id']
effectively. This allows a user to launch a cross site scripting attack
against this file. While the effectiveness of such an attack is somewhat
limited by the wordpress platform adding \ to quotes, it still may be
possible to inject cookie stealing objects (flash files for example).

Example code:

http://localhost/blog/wp-admin/admin.php?page=abctest&do=edit&id=%22%3E%3Ch1
%3EXSS%3C/h1

-------
Suggested fix:
-------

Sanitize the $_GET super global.

----
Timeline:
----

24-Sept-2012 Vendor and wordpress informed.
25-Sept-2012 Vendor confirmed the security issue and patched.
26-Sept-2012 Public release of the vulnerability, via the full disclosure
and
http://scott-herbert.com/blog/2012/09/26/xss-vulnerability-in-wordpress-plug
in-abc-test-1107





Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close