Vulners
Lucene search
WordPress 404 To 301 2.2.8 Cross Site Scripting
`------------------------------------------------------------------------
Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin
------------------------------------------------------------------------
Alyssa Milburn <amilburn.at.zall.org>, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A stored Cross-Site Scripting vulnerability was found in the 404 to 301
WordPress Plugin. This issue can be exploited by an anonymous user and
allows an attacker to perform a wide variety of actions, such as
stealing users' session tokens, or performing arbitrary actions on their
behalf.
------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160719-0003
------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on 404 to 301 WordPress Plugin
version 2.2.8.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue is resolved in 404 to 301 WordPress Plugin version 2.3.1.
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_vulnerability_in_404_to_301_wordpress_plugin.html
The vulnerability exists in the file admin/class-404-to-301-logs.php, which fails to correctly escape user-controlled strings which are output in HTML tables containing logs shown to site administrators, such as the Referer (ref) and User-Agent (ua) fields.
In order to exploit this issue, after an attack attempt has been made, an administrator must view the logs (via the WordPress administration console) provided by the plugin, by clicking '404 Error Logs'.
Proof of concept
Submit an HTTP request to a non-existent URL (to trigger the 404 handler) containing a header such as one of the following:
Referer: "<iframe src=/></iframe>
User-Agent: "<script>alert(/hi/);</script>
------------------------------------------------------------------------
Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its
goal is to contribute to the security of popular, widely used OSS
projects in a fun and educational way.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Nov 2016 00:00Current
7.4High risk
Vulners AI Score7.4