WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting

2017.02.17

Credit: Atik Rahman

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: inurl:/wp-content/plugins/corner-ad

# Exploit Title: Authorized Stored XSS at WordPress Corner-Ad plugin.
# Google Dork: inurl:/wp-content/plugins/corner-ad
# Date: 16-02-17
# Exploit Author: Atik Rahman
# Vendor Homepage: https://wordpress.org/plugins/corner-ad/
# Software Link: https://downloads.wordpress.org/plugin/corner-ad.zip
# Version: 1.0.7
# Tested on: Firefox 44, Windows10
Vendor Description
---------------------
*Corner Ad* is a plugin which display you ads in a corner of your WordPress website page.
The Plugin has 1,000+ active install.
Stored XSS in Ad Name
----------------------
Ad name input fields aren't properly escaped. This could lead to an XSS attack that could possibly affect administrators,users,editor.
1. Go to http://localhost/wp-admin/options-general.php?page=corner-ad.php
2. Click on create new Add button.
3. And Use Ad name as "/><svg/onload=prompt(document.domain)> *Fill the other field.
4.Now Click on save corner Add button when it's add a new add go to the
http://localhost/wp-admin/options-general.php?page=corner-ad.php
for corner add list. And now Your xss will
be executed.
5. If a normal editor,author visit the corner add list page xss will
effect them also.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting

Dork: inurl:/wp-content/plugins/corner-ad

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.