what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress Custom Map 1.1 Cross Site Scripting

WordPress Custom Map 1.1 Cross Site Scripting
Posted Dec 20, 2017
Authored by Nicolas Buzy-Debat

WordPress Custom Map plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-17744
SHA-256 | 5ebc96aa13a10adda66518346705b8e9024837bd689de7ed6a5a146a5ade57af

WordPress Custom Map 1.1 Cross Site Scripting

Change Mirror Download
Product: Custom Map WordPress Plugin - https://wordpress.org/plugins/custom-map/
Vendor: webdesi9
Tested version: 1.1
CVE ID: CVE-2017-17744

** CVE description **
A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php.

** Technical details **
In custom-map/view/advancedsettings.php:9, $_REQUEST['map_id'] is directly echoed back to user without proper sanitization.

Vulnerable code:
if(isset($_REQUEST['map_id']))
{
echo $map_id=$_REQUEST['map_id'];

https://plugins.trac.wordpress.org/browser/custom-map/trunk/view/advancedsettings.php#L9

** Proof of Concept **
http://<host>/wordpress/wp-admin/admin.php?page=custom_maps_advanced_settings&map_id=<script>alert(document.cookie);</script>

** Solution **
No fix available yet.

** Timeline **
13/10/2017: vendor contacted through webform; no reply
17/10/2017: vendor contacted through webform; no reply
31/10/2017: vendor contacted through support@webdesi9.com; no reply
05/12/2017: vendor contacted through support@webdesi9.com; no reply
19/12/2017: report published

** Credits **
Vulnerability discovered by Nicolas Buzy-Debat working at Orange Cyberdefense Singapore (CERT-LEXSI).

--
Best Regards,

Nicolas Buzy-Debat
Orange Cyberdefense Singapore (CERT-LEXSI)

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.



Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close