id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
21917	Wordpress 3.4.2 - Multiple XSS Vulnerability	nuxbie		"[ Wordpress 3.4.2 - Multiple XSS Vulnerability ]

Hello, my name is Catur Febrian (nuxbie).
I have bugs at new webapps wordpress (last version).
This bugs is XSS (Cross Site Scripting).
Wordpress 3.4.2 have a multiple vuln.
1. XSS WP-Post.
2. XSS WP-Page.
3. XSS WP-MediaLibrary.

Please, read my exploit report... :-)

Exploit Title: CMS Wordpress - Multiple XSS Vulnerability
Author       : TheCyberNuxbie [ Catur Febrian ]
E-mail       : root@31337sec.com
Version CMS  : Version 3.4.2 (Last Version)
Category     : WebApps / Content Management System (CMS)
Security Risk: Medium Level
Link Downlaod: http://www.wordpress.org/
Tested On    : Mozilla Firefox + Xampp + Windows 7 x32 ID

[ Information Content ]
WordPress - Web Publishing Software.
http://www.wordpress.org/

[ Vulnerability Details ]
1. XSS WP-Post.
2. XSS WP-Page.
3. XSS WP-MediaLibrary.

[ XSS CODE ]
<script>alert('31337');</script>
<script>alert(document.cookie);</script>
<script>window.open(""http://www.google.com/"")</script>

- Exploit Report:
1. Create / Edit WP-Post:
Input ""Title Post"" with Script XSS.
<script>alert('31337');</script>
http://wordpress/wp-admin/post-new.php <--- Publish.
View XSS: http://wordpress/?p=xxx <--- XSSed.
PIC: http://31337sec.com/wordpress/xss-post1.jpg + http://31337sec.com/wordpress/xss-post2.jpg

2. Create / Edit WP-Page:
Input ""Title Page"" with Script XSS.
<script>alert('31337');</script>
http://wordpress/wp-admin/post-new.php?post_type=page <--- Publish.
View XSS: http://wordpress/?page_id=xxx <--- XSSed.
PIC: http://31337sec.com/wordpress/xss-page1.jpg + http://31337sec.com/wordpress/xss-page2.jpg

3. Add / Edit WP-Media Library:
Upload files via Media Library.
http://wordpress/wp-admin/media-new.php <--- Select File.
Upload Files, Save...!!!
Input Form ""Title"", ""Caption"", ""Description"" with Script XSS <--- Save All Changes.
View XSS: http://wordpress/?attachment_id=xxx <--- XSSed.
PIC: http://31337sec.com/wordpress/xss-media1.jpg + http://31337sec.com/wordpress/xss-media2.jpg + http://31337sec.com/wordpress/xss-media3.jpg

- Script XSS will be affacted:
1. Frontend Website (post).
http://wordpress/?p=xxx <--- XSSed.
2. Frontend Website (page).
http://wordpress/?page_id=xxx <--- XSSed.
3. Frontend Website (attachment).
http://wordpress/?attachment_id=xxx <--- XSSed.

Thanks...
TheCyberNuxbie"	defect (bug)	closed	normal		General	3.4.2	normal	invalid