| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201211040415.qA44FBNE030535@sf01web3.securityfocus.com> Date: Sun, 4 Nov 2012 04:15:11 GMT From: marcelavbx@...il.com To: bugtraq@...urityfocus.com Subject: XSS in answer my question plugin ############################# Exploit Title : Answer my question wordpress plugin Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 09/19/12 version: 1.1 software link:http://wordpress.org/extend/plugins/answer-my-question/ ############################# Answer my question plugin description This plugin allows users to ask question to the blog administrator in an easy, simple way with a minimalistic and friendly design.It uses php and mysql to store the questions. ########################## XSS location The problem is located in the file: record_my_question.php which user's input are not sanitized. This plugin displays a form with many fields to fill in. 2 of them are vulnerable to PERSISTENT cross site scripting. The vulnerable fields are: * name * subject Via post, we can send malicious code in order to steal cookies, access to sensitive information, do a web application defacement to every single user that visits the poisoned profile. ########################## Vendor Notification 09/28/2012 to: the developer. He replied immediately and fixed the problem. posted in plugin track repository http://plugins.trac.wordpress.org/ticket/1576 Because of it, a new version has been released
Powered by blists - more mailing lists