Aerosol Posted February 24, 2015 Report Share Posted February 24, 2015 =====================================================Stored XSS Vulnerability in ADPlugg Wordpress Plugin =====================================================. contents:: Table Of ContentOverview========* Title :Stored XSS Vulnerability in ADPlugg Wordpress Plugin * Author: Kaustubh G. Padwad* Plugin Homepage: https://wordpress.org/plugins/adplugg/* Severity: Medium* Version Affected: 1.1.33 and mostly prior to it* Version Tested : 1.1.33* version patched: 1.1.34Description ===========Vulnerable Parameter --------------------* Access CodeAbout Vulnerability-------------------This plugin is vulnerable to a Stored cross site scripting vulnerability,This issue was exploited when administrator users with access to AdPlugg Setting in wordpress Access code parameter is vulnerable for stored XSS. A malicious administration can hijack other users session, take control of another administrator's browser or install malware on their computer.Vulnerability Class=================== Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS) Steps to Reproduce: (POC)=========================After installing the plugin* Goto settings --> AdPlugg* Put This payload in Access Code "><script>alert(document.cookie)</script>* Click on the Save Changes you will see XSS in action * Reload the page or re navigate to page to make sure its stored Mitigation ==========Update to Version 1.1.34 Change Log==========https://wordpress.org/plugins/adplugg/changelog/Disclosure ==========18-February-2015 reported to developer19-February-2015 Developer acknodlage the Bug19-February-2015 Developer Patched the Bug and Push update21-February-2015 Public Disclosercredits=======* Kaustubh Padwad* Information Security Researcher* kingkaustubh@me.com* https://twitter.com/s3curityb3ast* http://breakthesec.com* https://www.linkedin.com/in/kaustubhpadwadSource Quote Link to comment Share on other sites More sharing options...
