
List:       bugtraq
Subject:    Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin
From:       High-Tech Bridge Security Research <advisory () htbridge ! com>
Date:       2013-12-26 11:09:22
Message-ID: 20131226110922.D3AF82C54882 () htbridge ! ch

Advisory ID: HTB23187
Product: Ad-minister Wordpress plugin
Vendor: henrikmelin, kalstrom
Vulnerable Version(s): 0.6 and probably prior
Tested Version: 0.6
Advisory Publication:  December 5, 2013  [without technical details]
Vendor Notification: December 5, 2013 
Public Disclosure: December 26, 2013 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2013-6993
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

-----------------------------------------------------------------------------------------------


Advisory Details:

High-Tech Bridge Security Research Lab discovered a vulnerability in the Ad-minister Wordpress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks.


1) Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin: CVE-2013-6993

The vulnerability exists due to insufficient sanitisation of user-supplied data in the "key" HTTP GET parameter passed to the "/wp-admin/tools.php" script. A remote attacker can trick a logged-in administrator into opening a specially crafted link and execute arbitrary HTML and script code in the administrator's browser in the context of the vulnerable website.

The exploitation example below uses the "alert()" JavaScript function to display the word "immuniweb":

http://[host]/wp-admin/tools.php?page=ad-minister&tab=positions&action=delete&key=%27%3E%3Cscript%3Ealert%28immuniweb%29;%3C/script%3E
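For readers maintaining similar plugins, the following is an added illustration of the defect class and its fix, written for this advisory page; it is not the Ad-minister plugin's code and not High-Tech Bridge's patch. The function names, the nonce action string and the hook wiring are assumptions; the WordPress core functions used (esc_html, esc_attr, sanitize_text_field, wp_unslash, check_admin_referer, current_user_can, wp_nonce_url, add_query_arg, admin_url, esc_url, wp_die) are real.

```php
<?php
// Added illustration, NOT the Ad-minister plugin's real code.
// Assumes WordPress core is loaded so the functions below are available.

// Vulnerable pattern (hypothetical): the "key" GET parameter is written back
// into the admin page without escaping, so a crafted link lands in the
// administrator's browser as markup rather than as text.
function adm_render_delete_notice_vulnerable() {
    $key = isset( $_GET['key'] ) ? $_GET['key'] : '';
    echo '<div class="updated"><p>Deleted position: ' . $key . '</p></div>';
    echo '<input type="hidden" name="key" value="' . $key . '">';
}

// Hardened pattern: check capability and nonce, sanitise the input, and
// escape on output for the exact HTML context the value lands in.
function adm_render_delete_notice_fixed() {
    // Only users allowed to manage options may delete ad positions.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Reject the request unless it carries a valid nonce for this action.
    // This also stops a link opened from elsewhere from triggering the delete.
    check_admin_referer( 'ad-minister-delete-position' );

    $key = isset( $_GET['key'] )
        ? sanitize_text_field( wp_unslash( $_GET['key'] ) )
        : '';

    // esc_html() for element content, esc_attr() for attribute values.
    echo '<div class="updated"><p>Deleted position: ' . esc_html( $key ) . '</p></div>';
    echo '<input type="hidden" name="key" value="' . esc_attr( $key ) . '">';
}

// Links that trigger the delete must carry the matching nonce, otherwise the
// hardened handler above will refuse them.
function adm_delete_position_link( $key ) {
    $url = add_query_arg(
        array(
            'page'   => 'ad-minister',
            'tab'    => 'positions',
            'action' => 'delete',
            'key'    => $key,
        ),
        admin_url( 'tools.php' )
    );
    return esc_url( wp_nonce_url( $url, 'ad-minister-delete-position' ) );
}
```

The escaping functions are what close the reported XSS; the nonce and capability checks address the separate issue that an administrator can be made to trigger the delete action by following a link.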


-----------------------------------------------------------------------------------------------


Solution:

The vendor did not reply to 3 notifications by email, 1 notification via Twitter and 1 forum thread. Currently we are not aware of any official solution for this vulnerability.

An unofficial patch was developed by High-Tech Bridge Security Research Lab and is available here: https://www.htbridge.com/advisory/HTB23187-patch.zip

-----------------------------------------------------------------------------------------------


References:

[1] High-Tech Bridge Advisory HTB23187 - https://www.htbridge.com/advisory/HTB23187 - Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin.

[2] Ad-minister Wordpress plugin - http://wordpress.org/plugins/ad-minister/ - A complete system for handling advertising, including ad-rotation (with weights), scheduling and support for theme widgets.

[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE ® is a dictionary of publicly known information security vulnerabilities and exposures.

[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.

[5] ImmuniWeb ® - http://www.htbridge.com/immuniweb/ - is High-Tech Bridge's proprietary web application security assessment solution with SaaS delivery model that combines manual and automated vulnerability testing.

-----------------------------------------------------------------------------------------------


Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.

