WordPress WooCommerce 2.0.12 Cross Site Scripting

2013-07-18T00:00:00
ID PACKETSTORM:122465
Type packetstorm
Reporter Mirza Burhan Baig
Modified 2013-07-18T00:00:00

Description

                                        
                                            `WooCommerce 2.0.12 Persistent XSS  
  
Details  
==============================================================================  
Product: WooCommerce 2.0.12  
Security-Risk: High  
Remote-Exploit: yes  
Vendor-URL: http://www.woothemes.com/woocommerce/  
Advisory-Status: NotPublished  
  
Credits  
==============================================================================  
Discovered by: Mirza Burhan Baig of BlacKBitZ.net!  
  
Affected Products:  
==============================================================================  
WooCommerce 2.0.12  
  
Description  
==============================================================================  
"Ecommerce Plugin For Wordpress"  
  
More Details  
==============================================================================  
I have discsovered a persistent Cross site scripting (XSS) inside  
WooCommerce 2.0.12(Latest Version),  
the vulnerability can be easily exploited and can be used to steal cookies,  
perform phishing attacks and other various attacks compromising the security of a  
user.  
  
Proof of Concept  
==============================================================================  
Go to any of the products from below link:  
  
http://woo.browsepress.com/  
  
Add any of the product to cart by filling all the details, click on "Add To Cart",   
now proceed to "View Cart" form the below Link:  
  
http://woo.browsepress.com/shop/beyond-the-moon/  
  
Click on the "Calculate Shipping" > select the country which has no state already   
and put the below vector in the state field, and put the any postal code.  
  
#"><img src=x onerror=prompt(document.cookie);>  
  
Now click "Update Total", now go to the top and click on the "Proceed To CheckOut"   
  
Wollah.. here you go with your own Cookie!  
  
  
Exploit  
==============================================================================  
  
Goto the Cart Page and play with the vector, above vector will show you the Cookie, steal it... ;)  
  
  
Solution  
==============================================================================  
Edit the source code to ensure that input is properly sanitised.  
  
  
--   
Warm Regards,  
Mirza Burhan Baig  
  
http://BlackBitZ.net  
`