what you don't know can hurt you

WordPress Ninja Forms 2.8.8 Cross Site Scripting

WordPress Ninja Forms 2.8.8 Cross Site Scripting
Posted Feb 12, 2015
Authored by Sergio Navarro

WordPress Ninja Forms plugin version 2.8.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 64e89d2b69cf7d91927fa804b386df58

WordPress Ninja Forms 2.8.8 Cross Site Scripting

Change Mirror Download
============================================================
- Title: Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability
- Vulnerable Version: 2.8.8 and probably prior
-Tested Version:2.8.8
- Vendor Notification: 20 November 2014
- Vendor Patch: 20 November 2014
-Vulnerability Type: Cross-Site Scripting [CWE-79]
-CVE Reference: TBC
- Discovered by: Sergio Navarro of Dionach
- - ============================================================

VULNERABILITY
Two XSS vulnerabilities have been discovered in Ninja Forms WordPress plugin which can be exploited against administrators of WordPress (with the vulnerable plugin) to perform Cross-Site Scripting
1) Reflected XSS
The issue was found in the success notification message that the Ninja Forms plugin displays in users’ browser after users submit their details successfully through the plugin contact form. Anonymous attackers could use the vulnerability to take control of the victim’s browser or steal other users' sessions and so access their personal details.
Proof of concept:
POST http://www.example.com/wp-admin/admin-ajax.php?action=ninja_forms_ajax_submit
[…]
ninja_forms_field_1=<b onmouseover=alert('XSS!')>TEST</b>
[…]

--------------------------------------------------------------------------------------------------------------------------------------
2)Stored XSS
This issue was exploited when administrator users with access to the Ninja Forms submissions list attempt to edit the user submitted values. A malicious administration can hijack other users’ session, take control of another administrator’s browser or install malware on their computer.
Proof of concept:
POST http://www.example.com/wp-admin/post.php
fields[1]=<b+onmouseover=alert('XSS!')>TEST</b>
-===========================================================================
SOLUTION:
Update to Ninja Forms 2.8.11 which includes a fix for this vulnerability
-===========================================================================
Credits: Sergio Navarro of Dionach

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close