WordPress Akismet plugin version 3.1.1 suffers from a cross site scripting vulnerability.
2f65b94147ff0b5b179b376bc1cd9f88ebaadbbe26f86638f711724e992c9310
# Exploit Title: Wordpress Akismet 3.1.1 Plugin - XSS Vulnerability
# Google Dork: inurl:/wp-content/plugins/akismet/akismet.php
# Date: 2014-12-29
# Exploit Author: Ehsan Ice
# Software Link: https://akismet.com/ ,
https://wordpress.org/plugins/akismet/developers/
# Download Link: https://downloads.wordpress.org/plugin/akismet.3.1.1.zip
# Version : 3.1.1
# Tested on: Kali , Windows
# CVE : N/A
XSS Vulnerability
http://site/wp-content/plugins/akismet/akismet.php
http://site/wp-content/plugins/akismet/class.akismet-admin.php
Userinput reaches sensitive sink when function add_comment_author_url()
is called.
428: print print (wp_update_comment($comment)); // class.akismet-admin.php
426: $comment['comment_author_url'] = esc_url($_POST['url']); //
class.akismet-admin.php
requires:
423: if(!empty($_POST['id']) && !empty($_POST['url']) &&
check_admin_referer('comment_author_url_nonce'))
425: if($comment && current_user_can('edit_comment',
$comment['comment_ID']))
422: function add_comment_author_url()
Special Tnx : Milad Hacking , MMA Defacer , Ramin Ramz , Alireza Attacker
Xodiak , Adel Netcat , Mr.Tekide , Ang3l--Demon