Wordpress Plugin - ADIF Log Search Widget XSS Vulnerability

# Exploit Title: ADIF Log Search Widget XSS Vulnerability
# Google Dork:
# Date: 26/05/13
# Exploit Author: k3170makan
# Version: 1.0e
# Tested on: Ubuntu 12.04.2 LTS
Wordpress ADIF log book search plugin widget suffers from a Cross Site Scripting vulnerability.

Code: logbook_search.php
-------------------------------------------------------------------------------------------------------------------
 55  echo "
 56       <div id=\"logbook_poplight\" class=\"logbook_poplight\" title=\"$num_rows QSO's with ".$_REQUEST['call']."\">";
 57  echo "<table>";
 58  echo " <tr>";


Code: logbook_search.php
-------------------------------------------------------------------------------------------------------------------
 93     else{
 94         echo "
 95 
 96               <div id=\"logbook_poplight\" class=\"logbook_poplight\" title=\"No QSO's with ".$_REQUEST['call']."\">
 97               Sorry, nothing found in the logbook!
 98               </div>
 99               ";
100               logbook_search_form();
101     }
102 }
The above code fails to sanitize the "$_REQUEST['call']" value passed to the script from the Widgets HTML form, allowing attackers to inject HTML/JavaScript into a victims browser session.


PoC:
http://[domain]/wordpress/?call=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3Ctextarea%3E


Popular posts from this blog

The Science of Google Dorking

Labels

Show more