WordPress 4.5.3 Cross Site Scripting

2016-09-09T00:00:00
ID PACKETSTORM:138657
Type packetstorm
Reporter Han Sahin
Modified 2016-09-09T00:00:00

Description

------------------------------------------------------------------------  
Persistent Cross-Site Scripting vulnerability in WordPress due to unsafe  
processing of file names  
------------------------------------------------------------------------  
Han Sahin, July 2016  
  
------------------------------------------------------------------------  
Abstract  
------------------------------------------------------------------------  
A persistent Cross-Site Scripting (XSS) vulnerability has been found in  
WordPress. An attacker can create a specially crafted image file name  
which, when uploaded in WordPress, injects malicious JavaScript code  
into the application. An attacker can use this vulnerability to perform  
a wide variety of actions, such as stealing victims' session tokens or  
login credentials, and performing arbitrary actions on their behalf.  
  
------------------------------------------------------------------------  
OVE ID  
------------------------------------------------------------------------  
OVE-20160724-0018  
  
------------------------------------------------------------------------  
Tested versions  
------------------------------------------------------------------------  
This issue was successfully tested on WordPress 4.5.3.  
  
------------------------------------------------------------------------  
Fix  
------------------------------------------------------------------------  
This vulnerability is resolved in WordPress 4.6.1 (Release Notes).  
  
------------------------------------------------------------------------  
Details  
------------------------------------------------------------------------  
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html  
  
When an image with a file name such as cengizhansahinsumofpwn<img src=a onerror=alert(document.cookie)>.jpg is uploaded and viewed within WordPress, the script code is executed.  
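The root cause described above is a file name that reaches an HTML page without being escaped. The following Python block is an added example, not code from the advisory or from WordPress, showing the two defensive controls a practitioner would want around uploaded file names: a whitelist sanitizer on the way in (loosely modelled on the whitelist idea behind WordPress's sanitize_file_name(), but an illustrative reimplementation, not the project's function), HTML escaping on the way out, and a small check that flags upload log entries carrying HTML metacharacters. The crafted name is the one quoted in the advisory; the log lines and the `render_media_title` markup are constructed for the example.

```python
import html
import re
import unicodedata

# The crafted file name quoted in the advisory.
CRAFTED_NAME = "cengizhansahinsumofpwn<img src=a onerror=alert(document.cookie)>.jpg"

# Constructed upload log lines (hypothetical format, not WordPress's own).
SAMPLE_UPLOAD_LOG = [
    'upload user=editor file="holiday photo.JPG"',
    'upload user=editor file="' + CRAFTED_NAME + '"',
]

# Characters that change meaning in an HTML text or attribute context.
HTML_META = re.compile(r'[<>"\'&]')


def contains_html_metachars(name: str) -> bool:
    """Detection check: does a file name carry HTML-significant characters?"""
    return HTML_META.search(name) is not None


def flag_suspicious_uploads(lines):
    """Return the file names from log lines that contain HTML metacharacters."""
    flagged = []
    for line in lines:
        match = re.search(r'file="(.*)"', line)
        if match and contains_html_metachars(match.group(1)):
            flagged.append(match.group(1))
    return flagged


def sanitize_file_name(name: str) -> str:
    """Input-side hardening: keep only letters, digits, '.', '-' and '_'.

    Every other run of characters collapses to a single '-', dashes next to
    dots are dropped, repeated dots are collapsed (which also removes '..'),
    and an empty result falls back to a fixed name.
    """
    base = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    base = re.sub(r"[^A-Za-z0-9._-]+", "-", base)
    base = re.sub(r"-*\.-*", ".", base)
    base = re.sub(r"\.{2,}", ".", base)
    base = re.sub(r"-{2,}", "-", base).strip("-.")
    return base or "file"


def escape_for_html(name: str) -> str:
    """Output-side defence: escape <, >, &, and quotes before rendering."""
    return html.escape(name, quote=True)


def render_media_title(name: str) -> str:
    """Constructed stand-in for a media-library view that shows the file name.

    The name is escaped at the point of output, so a crafted name is displayed
    as text instead of being parsed as markup.
    """
    return '<span class="title">' + escape_for_html(name) + "</span>"


if __name__ == "__main__":
    print("flagged uploads:", flag_suspicious_uploads(SAMPLE_UPLOAD_LOG))
    print("sanitized name: ", sanitize_file_name(CRAFTED_NAME))
    print("rendered title: ", render_media_title(CRAFTED_NAME))
```

Escaping at output is the control that actually prevents the script from running; the sanitizer is defence in depth and also protects file-system consumers of the name, and the log check gives a detection signal for uploads that attempt this pattern.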
  
------------------------------------------------------------------------  
Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its  
goal is to contribute to the security of popular, widely used OSS  
projects in a fun and educational way.  