what you don't know can hurt you

WordPress Concours 1.1 Cross Site Scripting

WordPress Concours 1.1 Cross Site Scripting
Posted Dec 20, 2017
Authored by Nicolas Buzy-Debat

WordPress Concours plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-17719
MD5 | 16e05e232ca72ab8df9a0ad81d45019b

WordPress Concours 1.1 Cross Site Scripting

Change Mirror Download
Product: WordPress Concours Plugin - https://wordpress.org/plugins/wp-concours/
Vendor: Olyos
Tested version: 1.1
CVE ID: CVE-2017-17719

** CVE description **
A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php.

** Technical details **
In wp-concours/includes/concours_page.php:18, $_REQUEST['result_message'] is stored in the $message_str variable without proper sanitization. This variable is then echoed back to user on line 28.

Vulnerable code:
https://plugins.trac.wordpress.org/browser/wp-concours/trunk/includes/concours_page.php#L18

** Proof of Concept **
http://<host>/wordpress/wp-admin/admin.php?page=concours&result_message=<script>alert(document.cookie);</script>

** Solution **
No fix available yet.

** Timeline **
28/09/2017: vendor contacted; vendor asks for technical report
06/10/2017: requested an update regarding the fix; vendor says in November
05/12/2017: sent an e-mail to warn about the release of that advisory; no reply
19/12/2017: report published

** Credits **
Vulnerability discovered by Nicolas Buzy-Debat working at Orange Cyberdefense Singapore (CERT-LEXSI).

--
Best Regards,

Nicolas Buzy-Debat
Orange Cyberdefense Singapore (CERT-LEXSI)
_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.



Login or Register to add favorites

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close