ID: PACKETSTORM:99421
Type: packetstorm
Reporter: High-Tech Bridge SA
Modified: 2011-03-17T00:00:00
Description
`================================
Vulnerability ID: HTB22894
Reference: http://www.htbridge.ch/advisory/xss_in_sodahead_polls_wordpress_plugin_1.html
Product: Sodahead Polls WordPress plugin
Vendor: SodaHead.com
Vulnerable Version: 2.0.2
Vendor Notification: 03 March 2011
Vulnerability Type: XSS (Cross Site Scripting)
Status: Fixed by Vendor
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
The vulnerability exists because the "/wp-content/plugins/sodahead-polls/poll.php" script fails to properly sanitize user-supplied input in the "customize" variable.
A user can execute arbitrary JavaScript code within the vulnerable application.
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data.
The following PoC is available:
http://[host]/wp-content/plugins/sodahead-polls/poll.php?customize=%27;%3C/script%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Solution: Upgrade to the most recent version
================================
Vulnerability ID: HTB22893
Reference: http://www.htbridge.ch/advisory/xss_in_sodahead_polls_wordpress_plugin.html
Product: Sodahead Polls WordPress plugin
Vendor: SodaHead.com
Vulnerable Version: 2.0.2
Vendor Notification: 03 March 2011
Vulnerability Type: XSS (Cross Site Scripting)
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
The vulnerability exists because the "/wp-content/plugins/sodahead-polls/customizer.php" script fails to properly sanitize user-supplied input in the "poll_id" variable.
A user can execute arbitrary JavaScript code within the vulnerable application.
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data.
The following PoC is available:
http://[host]/wp-content/plugins/sodahead-polls/customizer.php?poll_id=%27%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
`
Title: Sodahead Polls 2.0.2 Cross Site Scripting
Published: 2011-03-17T00:00:00
Source: https://packetstormsecurity.com/files/download/99421/sodaheadpolls-xss.txt
Link: https://packetstormsecurity.com/files/99421/Sodahead-Polls-2.0.2-Cross-Site-Scripting.html
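A log-review check for the two parameters named in the advisories, as an added example that is not part of the original advisory or the plugin's code: it flags requests to poll.php or customizer.php whose "customize" or "poll_id" value decodes to quote or angle-bracket characters. The combined access-log format, the flagged character set and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

PLUGIN = "/wp-content/plugins/sodahead-polls"
# Script -> parameter, as named in advisories HTB22894 and HTB22893.
WATCHED = {PLUGIN + "/poll.php": "customize",
           PLUGIN + "/customizer.php": "poll_id"}
# Assumption: legitimate values never contain quotes or angle brackets.
BREAKOUT = re.compile(r"[<>\"']")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return (path, param, decoded value) tuples for a flagged request."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    hits = []
    for script, param in WATCHED.items():
        # endswith() also covers WordPress installed in a subdirectory.
        if not url.path.endswith(script):
            continue
        # parse_qs percent-decodes each value before the character check.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if BREAKOUT.search(value):
                hits.append((url.path, param, value))
    return hits

def scan(lines):
    """Collect the hits for every line of a log."""
    return [hit for line in lines for hit in suspicious_params(line)]

# Constructed sample entries (192.0.2.0/24 is a documentation range);
# entries 2 and 3 reuse the query strings shown in the advisory text.
SAMPLE_LOG = [
    f'192.0.2.10 - - [17/Mar/2011:10:00:01 +0000] "GET {PLUGIN}/poll.php?customize=1 HTTP/1.1" 200 512',
    f'192.0.2.66 - - [17/Mar/2011:10:02:13 +0000] "GET {PLUGIN}/poll.php?customize=%27;%3C/script%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E HTTP/1.1" 200 640',
    f'192.0.2.66 - - [17/Mar/2011:10:02:40 +0000] "GET /blog{PLUGIN}/customizer.php?poll_id=%27%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E HTTP/1.1" 200 702',
    f'192.0.2.11 - - [17/Mar/2011:10:05:00 +0000] "GET {PLUGIN}/customizer.php?poll_id=12345 HTTP/1.1" 200 498',
    '192.0.2.12 - - [17/Mar/2011:10:06:00 +0000] "GET /index.php?s=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for path, param, value in scan(SAMPLE_LOG):
        print(f"{path}: {param}={value!r}")
```

Access logs record only the query string, so this check sees GET-style requests like the ones in the advisory and not values sent in a request body.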