WordPress WooCommerce 2.0.12 Cross Site Scripting

WordPress WooCommerce 2.0.12 Cross Site Scripting: Posted Jul 18, 2013; Authored by Mirza Burhan Baig | Site blackbitz.net; WordPress WooCommerce version 2.0.12 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 57d7189e7893db13f998b57e482f7f386bd27a5aca10ffb821839d7f9bf89a5f; Download | Favorite | View

WordPress WooCommerce 2.0.12 Cross Site Scripting

WooCommerce 2.0.12 Persistent XSS

Details
==============================================================================
Product: WooCommerce 2.0.12
Security-Risk: High
Remote-Exploit: yes
Vendor-URL: http://www.woothemes.com/woocommerce/
Advisory-Status: NotPublished

Credits
==============================================================================
Discovered by: Mirza Burhan Baig of BlacKBitZ.net!

Affected Products:
==============================================================================
WooCommerce 2.0.12

Description
==============================================================================
"Ecommerce Plugin For Wordpress"

More Details
==============================================================================
I have discsovered a persistent Cross site scripting (XSS) inside
WooCommerce 2.0.12(Latest Version),
the vulnerability can be easily exploited and can be used to steal cookies,
perform phishing attacks and other various attacks compromising the security of a
user.

Proof of Concept
==============================================================================
Go to any of the products from below link:

http://woo.browsepress.com/

Add any of the product to cart by filling all the details, click on "Add To Cart", 
now proceed to "View Cart" form the below Link:

http://woo.browsepress.com/shop/beyond-the-moon/

Click on the "Calculate Shipping" > select the country which has no state already 
and put the below vector in the state field, and put the any postal code.

#"><img src=x onerror=prompt(document.cookie);>

Now click "Update Total", now go to the top and click on the "Proceed To CheckOut" 

Wollah.. here you go with your own Cookie!


Exploit
==============================================================================

Goto the Cart Page and play with the vector, above vector will show you the Cookie, steal it... ;)


Solution
==============================================================================
Edit the source code to ensure that input is properly sanitised.


-- 
Warm Regards,
Mirza Burhan Baig

http://BlackBitZ.net

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

WordPress WooCommerce 2.0.12 Cross Site Scripting

WordPress WooCommerce 2.0.12 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress WooCommerce 2.0.12 Cross Site Scripting

Share This

WordPress WooCommerce 2.0.12 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems