Message-ID: <571BBE4B.8000508@gmail.com>
Date: Sat, 23 Apr 2016 23:56:19 +0530
From: Rahul Pratap Singh <techno.rps@...il.com>
To: bugtraq@...urityfocus.com
Subject: Persian-woocommerce-sms XSS Vulnerability

## FULL DISCLOSURE

#Product :Persian-woocommerce-sms
#Exploit Author : Rahul Pratap Singh
#Version :3.3.2
#Home page Link : https://wordpress.org/plugins/persian-woocommerce-sms/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------
"ps_sms_numbers"  parameter is not sanitized that leads to XSS
Vulnerability.

----------------------------------------
Vulnerable Code:
----------------------------------------

File Name: testfiles/persian-woocommerce-sms/lib/class.bulk.send.php

Found at line:45
value="<?php echo isset($_POST['ps_sms_numbers']) ?
$_POST['ps_sms_numbers'] : '' ?>" style="direction:ltr; text-align:left;
width:700px; max-width:100% !important"/><br/>

----------------------------------------

Fix:
Update to 3.3.4

Vulnerability Disclosure Timeline:
→ March 14, 2016  – Bug discovered, initial report to Vendor.
→ March 22, 2016  – No Response. Report sent again.
→ March 23, 2016  – WordPress Acknowledged.
→ April 21, 2016  – Full Disclosure.

Pub Ref:
https://0x62626262.wordpress.com/2016/04/21/persian-woocommerce-sms-xss-vulnerability/
https://wordpress.org/plugins/persian-woocommerce-sms/changelog/

Download attachment "0xE5D04434.asc" of type "application/pgp-keys" (61463 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists