WordPress Answer My Question Cross Site Scripting

2012-11-04T00:00:00
ID PACKETSTORM:117900
Type packetstorm
Reporter Marcela Benetrix
Modified 2012-11-04T00:00:00

Description

                                        
                                            `#############################  
Exploit Title : Answer my question wordpress plugin Multiple Cross-Site Scripting Vulnerabilities  
Author:Marcela Benetrix  
home:www.girlinthemiddle.net  
Date: 09/19/12  
version: 1.1  
software link:http://wordpress.org/extend/plugins/answer-my-question/  
  
#############################  
Answer my question plugin description  
  
This plugin allows users to ask question to the blog administrator in an easy, simple way with a minimalistic and friendly design.It uses php and mysql to store the questions.  
  
##########################  
XSS location  
  
The problem is located in the file: record_my_question.php which user's input are not sanitized.  
  
This plugin displays a form with many fields to fill in. 2 of them are vulnerable to PERSISTENT cross site scripting. The vulnerable fields are:  
  
* name   
* subject  
  
Via post, we can send malicious code in order to steal cookies, access to sensitive information, do a web application defacement to every single user that visits the poisoned profile.  
##########################  
Vendor Notification  
  
09/28/2012 to: the developer. He replied immediately and fixed the problem.  
posted in plugin track repository http://plugins.trac.wordpress.org/ticket/1576  
Because of it, a new version has been released  
`