[wp-trac] [WordPress Trac] #47907: Stored XSS

WordPress Trac noreply at wordpress.org
Tue Aug 20 20:10:38 UTC 2019


#47907: Stored XSS
--------------------------------+-----------------------------
 Reporter:  rohit001            |      Owner:  (none)
     Type:  defect (bug)        |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  General             |    Version:  5.2.2
 Severity:  major               |   Keywords:  close
  Focuses:  ui, administration  |
--------------------------------+-----------------------------
 Greetings,

 XSS (Cross-Site Scripting) allows an attacker to execute a dynamic script
 (JavaScript, VBScript) in the context of the application. This opens up
 several different attack opportunities, mostly hijacking the current
 session of the user or changing the look of the page by altering the HTML
 on the fly to steal the user's credentials. This happens because input
 entered by a user has been interpreted as HTML/JavaScript/VBScript by the
 browser.

 XSS targets the users of the application instead of the server. Although
 this is a limitation, an attacker who can hijack other users' sessions
 might attack an administrator to gain full control over the application.


 Steps To Reproduce:

 Step-1: Log in to WordPress 5.2.2.
 Step-2: Create a page (or add a new page), publish it, and then comment on
         it. In the comment section I entered my script, i.e.
         <script>alert("You are Hacked")</script>
 Step-3: After submitting, refresh the page.
 Step-4: A pop-up will occur. Affected URL:
         http://localhost/wordpress/2019/08/21/test/#comment-3.

 Impact:

 An attacker can use XSS to send a malicious script to an unsuspecting
 user. The end user's browser has no way to know that the script should not
 be trusted, and will execute the script. Because it thinks the script came
 from a trusted source, the malicious script can access any cookies,
 session tokens, or other sensitive information retained by the browser
 and used with that site. These scripts can even rewrite the content of the
 HTML page.

 Recommendation:

 1. Whitelist parameter values, i.e. accept only known good values.
 2. Encode HTML output.
 3. Encode URL output.
 4. Enable the ASP.NET request validation property.
 5. Use an Anti-XSS library, e.g. (C#, Encoder from the Microsoft AntiXSS
    library in the Microsoft.Security.Application namespace):

    if (Request.QueryString[0] != null)
    {
        string searchkeyword = Request.QueryString[0];
        // HTML-encode the untrusted value before it is written into the page
        lblmsg.Text = "Search results for keyword : " +
                      Encoder.HtmlEncode(searchkeyword);
    }
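 The same output-encoding recommendation applied to the comment case
 described above, as an added PHP example that is not part of the ticket
 or of WordPress core: the comment body from step 2 is rendered through
 context-specific encoders (HTML text and URL query value), so the browser
 shows the script tag as literal text instead of executing it. The markup
 layout and the `commenter` query parameter are assumptions for the
 example.

```php
<?php
// Added example (not from the ticket or WordPress core): context-aware
// output encoding for an untrusted comment, covering recommendations
// 2 (encode HTML output) and 3 (encode URL output).

function encode_html_text(string $untrusted): string
{
    // ENT_QUOTES also encodes single and double quotes, so the result is
    // safe in element text and in double- or single-quoted attributes.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function encode_url_param(string $untrusted): string
{
    // Percent-encode a value that is placed into a query string.
    return rawurlencode($untrusted);
}

function render_comment(string $author, string $body, string $permalink): string
{
    // Assumed layout: author link carries the name as a query value.
    $href = $permalink . '?commenter=' . encode_url_param($author);
    return '<li class="comment">'
         . '<a href="' . encode_html_text($href) . '">' . encode_html_text($author) . '</a>: '
         . '<p>' . encode_html_text($body) . '</p>'
         . '</li>';
}

// Self-check: the rendered markup must contain no raw <script> tag.
function comment_is_inert(string $html): bool
{
    return stripos($html, '<script') === false;
}

// Constructed sample input: the payload quoted in step 2 of the report.
$body = '<script>alert("You are Hacked")</script>';
$html = render_comment('rohit001', $body, 'http://localhost/wordpress/2019/08/21/test/');
echo $html, PHP_EOL;
echo comment_is_inert($html) ? "inert\n" : "RAW SCRIPT PRESENT\n";
```

 Encoding has to match the output context: a value written into a
 JavaScript block or an event-handler attribute needs a different encoder
 than the HTML-text one shown here.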

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47907>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform