Jump to content

Search the Community

Showing results for tags 'adplugg'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. ===================================================== Stored XSS Vulnerability in ADPlugg Wordpress Plugin ===================================================== . contents:: Table Of Content Overview ======== * Title :Stored XSS Vulnerability in ADPlugg Wordpress Plugin * Author: Kaustubh G. Padwad * Plugin Homepage: https://wordpress.org/plugins/adplugg/ * Severity: Medium * Version Affected: 1.1.33 and mostly prior to it * Version Tested : 1.1.33 * version patched: 1.1.34 Description =========== Vulnerable Parameter -------------------- * Access Code About Vulnerability ------------------- This plugin is vulnerable to a Stored cross site scripting vulnerability,This issue was exploited when administrator users with access to AdPlugg Setting in wordpress Access code parameter is vulnerable for stored XSS. A malicious administration can hijack other users session, take control of another administrator's browser or install malware on their computer. Vulnerability Class =================== Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS) Steps to Reproduce: (POC) ========================= After installing the plugin * Goto settings --> AdPlugg * Put This payload in Access Code "><script>alert(document.cookie)</script> * Click on the Save Changes you will see XSS in action * Reload the page or re navigate to page to make sure its stored Mitigation ========== Update to Version 1.1.34 Change Log ========== https://wordpress.org/plugins/adplugg/changelog/ Disclosure ========== 18-February-2015 reported to developer 19-February-2015 Developer acknodlage the Bug 19-February-2015 Developer Patched the Bug and Push update 21-February-2015 Public Discloser credits ======= * Kaustubh Padwad * Information Security Researcher * kingkaustubh@me.com * https://twitter.com/s3curityb3ast * http://breakthesec.com * https://www.linkedin.com/in/kaustubhpadwad Source
×
×
  • Create New...