Daily Maui Photo Widget WordPress Plugin 0.2 Cross Site Scripting

Type packetstorm
Reporter High-Tech Bridge SA
Modified 2011-04-28T00:00:00


                                            `Vulnerability ID: HTB22960  
Reference: http://www.htbridge.ch/advisory/xss_in_daily_maui_photo_widget_wordpress_plugin.html  
Product: Daily Maui Photo Widget wordpress plugin  
Vendor: Kris Nelson ( http://www.webnelly.com/ )   
Vulnerable Version: 0.2  
Vendor Notification: 14 April 2011   
Vulnerability Type: XSS (Cross Site Scripting)  
Status: Fixed by Vendor  
Risk level: Medium   
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )   
Vulnerability Details:  
User can execute arbitrary JavaScript code within the vulnerable application.  
The vulnerability exists due to failure in the "/wp-content/plugins/daily-maui-photo-widget/wp-dailymaui-widget-control.php" script to properly sanitize user-supplied input in "title" variable when register_globals is On.   
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.  
The following PoC is available:   
Solution: Upgrade to the most recent version