| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Feb 2016 22:21:13 +0200 From: Panagiotis Vagenas <pan.vagenas@...il.com> To: bugtraq@...urityfocus.com Subject: WordPress User Submitted Posts Plugin [Persistent XSS] * Exploit Title: WordPress User Submitted Posts Plugin [Persistent XSS] * Discovery Date: 2016-02-10 * Exploit Author: Panagiotis Vagenas * Author Link: https://twitter.com/panVagenas * Vendor Homepage: https://plugin-planet.com/ * Software Link: https://wordpress.org/plugins/user-submitted-posts/ * Version: 20151113 * Tested on: WordPress 4.4.2 * Category: WebApps, WordPress Description ----------- _User Submitted Posts_ plugin for WordPress suffers from a XSS vulnerability. The `user-submitted-content` field of the new post submission form is not properly sanitized, thus allowing users to include JS code to submitted post content. Normally only users with `unfiltered_html` capability are allowed to include JS code to post content. By default Administrators or Super Administrators have this capability, so this is considered as Persistent XSS vulnerability. PoC --- 1. Submit the form inserting JS code to post content 2. View the newly created post 3. JS code is executed Solution -------- Upgrade to v20160215 Timeline -------- 1. **2016-02-10**: Vendor notified via contact form at his website 2. **2016-02-10**: Vendor responded and received details about the issue 3. **2016-02-14**: Vendor released version 20160215 User Submitted Posts [Persistent XSS].md * Exploit Title: User Submitted Posts [Persistent XSS] * Discovery Date: 2016-02-10 * Exploit Author: Panagiotis Vagenas * Author Link: https://twitter.com/panVagenas * Vendor Homepage: https://plugin-planet.com/ * Software Link: https://wordpress.org/plugins/user-submitted-posts/ * Version: 20151113 * Tested on: WordPress 4.4.2 * Category: WebApps, WordPress Description ----------- _User Submitted Posts_ plugin for WordPress suffers from a XSS vulnerability. The `user-submitted-content` field of the new post submission form is not properly sanitized, thus allowing users to include JS code to submitted post content. Normally only users with `unfiltered_html` capability are allowed to include JS code to post content. By default Administrators or Super Administrators have this capability, so this is considered as Persistent XSS vulnerability. PoC --- 1. Submit the form inserting JS code to post content 2. View the newly created post 3. JS code is executed Solution -------- Upgrade to v20160215 Timeline -------- 1. **2016-02-10**: Vendor notified via contact form at his website 2. **2016-02-10**: Vendor responded and received details about the issue 3. **2016-02-14**: Vendor released version 20160215
Powered by blists - more mailing lists