WordPress Altos Connect Widget 1.3.0 Cross Site Scripting
2015-07-30T00:00:00
ID PACKETSTORM:132908 Type packetstorm Reporter Morten Nortoft Modified 2015-07-30T00:00:00
Description
`Title: WordPress 'Altos Connect Widget' Plugin
Version: 1.3.0
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-15
Download:
- https://wordpress.org/plugins/altos-connect/
- https://plugins.svn.wordpress.org/altos-connect/
Notified WordPress: 2015-06-21
==========================================================
## Plugin description
==========================================================
Description: Altos Connect registration widget for WordPress®. Altos Connect registration widget for WordPress®. The Altos Connect plugin can be us
## XSS vulnerability
==========================================================
The _SERVER variable 'PHP_SELF' is printed without sanitization in a captcha demo page (which is not removed when installing). This can be exploited with a direct link to the vulnerable file.
PoC:
[URL]/wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/"><script>alert(1)</script>
It seems like this is fixed in the newest version of jquery-validate, but this plugin has not been patched.
## Solution
==========================================================
No fix available
==========================================================
Vulnerability found using Eir; an early stage static vulnerability scanner for PHP applications.
`
{"edition": 1, "title": "WordPress Altos Connect Widget 1.3.0 Cross Site Scripting", "bulletinFamily": "exploit", "published": "2015-07-30T00:00:00", "lastseen": "2016-11-03T10:29:37", "history": [], "modified": "2015-07-30T00:00:00", "reporter": "Morten Nortoft", "hash": "1da9de9ad11f90d3cc22b3f6799299b1e938a4d9623e2a6b88a1c572102452f9", "sourceHref": "https://packetstormsecurity.com/files/download/132908/wpacw-xss.txt", "viewCount": 2, "href": "https://packetstormsecurity.com/files/132908/WordPress-Altos-Connect-Widget-1.3.0-Cross-Site-Scripting.html", "description": "", "type": "packetstorm", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d6c670cb033b6283ee464c37678cb25a"}, {"key": "modified", "hash": "17349f1b1e2a055ccd1d9afb78ddc399"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "17349f1b1e2a055ccd1d9afb78ddc399"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "410cc41e0866a91418acd06abe6d99b9"}, {"key": "sourceData", "hash": "47ab77c46e91354bc23fbc7bbae628bb"}, {"key": "sourceHref", "hash": "8b942da83850eef0d096bb0960832716"}, {"key": "title", "hash": "076a999416b5b38907a5f851459eaa22"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "references": [], "objectVersion": "1.2", "enchantments": {"score": {"value": 0.1, "vector": "NONE", "modified": "2016-11-03T10:29:37"}, "dependencies": {"references": [], "modified": "2016-11-03T10:29:37"}, "vulnersScore": 0.1}, "sourceData": "`Title: WordPress 'Altos Connect Widget' Plugin \nVersion: 1.3.0 \nAuthor: Morten N\u00f8rtoft, Kenneth Jepsen & Mikkel Vej \nDate: 2015-06-15 \nDownload: \n- https://wordpress.org/plugins/altos-connect/ \n- https://plugins.svn.wordpress.org/altos-connect/ \nNotified WordPress: 2015-06-21 \n========================================================== \n \n## Plugin description \n========================================================== \nDescription: Altos Connect registration widget for WordPress\u00c2\u00ae. Altos Connect registration widget for WordPress\u00c2\u00ae. The Altos Connect plugin can be us \n \n## XSS vulnerability \n========================================================== \nThe _SERVER variable 'PHP_SELF' is printed without sanitization in a captcha demo page (which is not removed when installing). This can be exploited with a direct link to the vulnerable file. \n \nPoC: \n[URL]/wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/\"><script>alert(1)</script> \n \nIt seems like this is fixed in the newest version of jquery-validate, but this plugin has not been patched. \n \n## Solution \n========================================================== \nNo fix available \n \n========================================================== \nVulnerability found using Eir; an early stage static vulnerability scanner for PHP applications. \n`\n", "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "PACKETSTORM:132908"}