WordPress WooCommerce version 2.0.12 suffers from a persistent cross site scripting vulnerability.
57d7189e7893db13f998b57e482f7f386bd27a5aca10ffb821839d7f9bf89a5f
WooCommerce 2.0.12 Persistent XSS
Details
==============================================================================
Product: WooCommerce 2.0.12
Security-Risk: High
Remote-Exploit: yes
Vendor-URL: http://www.woothemes.com/woocommerce/
Advisory-Status: NotPublished
Credits
==============================================================================
Discovered by: Mirza Burhan Baig of BlacKBitZ.net!
Affected Products:
==============================================================================
WooCommerce 2.0.12
Description
==============================================================================
"Ecommerce Plugin For Wordpress"
More Details
==============================================================================
I have discsovered a persistent Cross site scripting (XSS) inside
WooCommerce 2.0.12(Latest Version),
the vulnerability can be easily exploited and can be used to steal cookies,
perform phishing attacks and other various attacks compromising the security of a
user.
Proof of Concept
==============================================================================
Go to any of the products from below link:
http://woo.browsepress.com/
Add any of the product to cart by filling all the details, click on "Add To Cart",
now proceed to "View Cart" form the below Link:
http://woo.browsepress.com/shop/beyond-the-moon/
Click on the "Calculate Shipping" > select the country which has no state already
and put the below vector in the state field, and put the any postal code.
#"><img src=x onerror=prompt(document.cookie);>
Now click "Update Total", now go to the top and click on the "Proceed To CheckOut"
Wollah.. here you go with your own Cookie!
Exploit
==============================================================================
Goto the Cart Page and play with the vector, above vector will show you the Cookie, steal it... ;)
Solution
==============================================================================
Edit the source code to ensure that input is properly sanitised.
--
Warm Regards,
Mirza Burhan Baig
http://BlackBitZ.net