WordPress Ultimate Affiliate Pro 3.6 Cross Site Scripting

2017.07.26
Credit: 8bitsec
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Ultimate Affiliate Pro WordPress Plugin <= v3.6 - Authenticated Stored XSS # Date: 2017-07-24 # Exploit Author: 8bitsec # Vendor Homepage: http://affiliate.wpindeed.com/ # Software Link: https://codecanyon.net/item/ultimate-affiliate-pro-wordpress-plugin/16527729 # Version: 3.6 # Tested on: [Kali Linux 2.0 | Mac OS 10.12.5] # Email: contact@8bitsec.io # Contact: https://twitter.com/_8bitsec Release Date: ============= 2017-07-24 Product & Service Introduction: =============================== Ultimate Affiliate Pro is the newest and most completed Affiliate WordPress Plugin that allow you provide a premium platform for your Affiliates with different rewards and amounts based on Ranks or special Offers. Technical Details & Description: ================================ Multiple Stored XSS vulnerabilities found logged as a low privileged user. Proof of Concept (PoC): ======================= Authenticated Stored XSS: Logged as an affiliate, a low privileged user. Profile > Edit Account. Write the payload in the 'Last Name' input area: jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNMouseoVer=alert(document.domain) ) Other fields may be vulnerable. Authenticated Stored XSS: Logged as an affiliate, a low privileged user. Marketing > Campaigns > Add New Campaign. Write the payload on the 'Name' input field: <svg/onload=alert(document.domain)> Credits & Authors: ================== 8bitsec - [https://twitter.com/_8bitsec]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top