Date: Tue, 21 Apr 2015 18:05:37 GMT
From: kumarrohit2255@...il.com
To: bugtraq@...urityfocus.com
Subject: Stored Cross Site Scripting Vulnerability in Add Link to Facebook WordPress Plugin

Title: Stored XSS Vulnerability in Add Link to Facebook Wordpress Plugin

Author: Rohit Kumar

Plugin Homepage: http://wordpress.org/extend/plugins/add-link-to-facebook/

Severity: Medium

Version Affected: Version 1.215 and most likely prior versions.

Version Tested: Version 1.215

Version Patched: 1.215

Description:

Vulnerable Parameters:
1. App ID
2. App Secret
3. Custom Picture URL
4. Default Picture URL
5. URL News Feed Icon

About Vulnerability:
This plugin is vulnerable to stored cross-site scripting. The injected payload executes when a user
with Administrator privileges opens the "Add Link to Facebook" settings page in WordPress. A malicious
administrator can hijack other users' sessions, take control of another administrator's browser, or install
malware on their computer.

Vulnerability Class:
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))

Steps to Reproduce:
After installing the plugin:
- Go to Settings -> All in One Facebook
- Input this payload in "App ID": "><script>alert(1)</script>
- Click on the Save button.
- After reloading the page you will see a pop-up box with 1 written on it.
- Reload the page again to make sure it's stored.
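The root cause described above is a settings value that is stored unsanitized and echoed back into an HTML attribute unescaped. The following is an added example written for this advisory, not the plugin's own code: a hypothetical WordPress settings field (all `alfb_demo_*` names are invented) shown first in the vulnerable form and then in a hardened form that sanitizes on save and escapes on output. The example assumes the App ID option is a purely numeric string and that the picture/icon options hold URLs.

```php
<?php
// Added example, not code from the Add Link to Facebook plugin.
// All alfb_demo_* names are hypothetical.

// --- Vulnerable pattern: stored option echoed straight into an attribute ---
function alfb_demo_field_unsafe() {
    $app_id = get_option('alfb_demo_app_id', '');
    // A stored value such as  "><script>alert(1)</script>  closes the
    // value="..." attribute and the <input> tag, so the script runs every
    // time an administrator loads the settings page.
    echo '<input type="text" name="alfb_demo_app_id" value="' . $app_id . '">';
}

// --- Hardened pattern: sanitize on save, escape on output ---
function alfb_demo_register_settings() {
    // Third argument as a plain callable keeps this compatible with both
    // old (pre-4.7) and current register_setting() signatures.
    register_setting('alfb_demo_group', 'alfb_demo_app_id', 'alfb_demo_sanitize_app_id');
    // URL-valued options (custom/default picture URL, news feed icon URL)
    // are normalised with esc_url_raw() before they reach the database.
    register_setting('alfb_demo_group', 'alfb_demo_picture_url', 'esc_url_raw');
}
add_action('admin_init', 'alfb_demo_register_settings');

function alfb_demo_sanitize_app_id($value) {
    // Strip tags/whitespace first, then apply an allow-list: this example
    // assumes an App ID is digits only, so anything else is discarded.
    $value = sanitize_text_field($value);
    return ctype_digit($value) ? $value : '';
}

function alfb_demo_field_safe() {
    $app_id = get_option('alfb_demo_app_id', '');
    $url    = get_option('alfb_demo_picture_url', '');
    // esc_attr() encodes " ' < > & so the value can no longer break out of
    // the attribute, even if a value bypassed the sanitize callback
    // (for example via a direct database write or an older plugin version).
    echo '<input type="text" name="alfb_demo_app_id" value="' . esc_attr($app_id) . '">';
    // esc_url() rejects javascript: and other non-http schemes on output.
    echo '<input type="url" name="alfb_demo_picture_url" value="' . esc_url($url) . '">';
}
```

The two layers are deliberate: the sanitize callback limits what can be persisted, and the output escaping makes the page safe regardless of what is already in the database, which is what protects administrators who upgrade with a payload still stored from an affected version.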

Change Log
https://wordpress.org/plugins/add-link-to-facebook/changelog/

Disclosure
09th March 2015
