WordPress Ultimate Affiliate Pro 3.6 Cross Site Scripting Vulnerability

ID 1337DAY-ID-28195
Type zdt
Reporter 8bitsec
Modified 2017-07-26T00:00:00


WordPress Ultimate Affiliate Pro plugin versions 3.6 and below suffer from a persistent cross site scripting vulnerability.

                                            # Exploit Title: Ultimate Affiliate Pro WordPress Plugin <= v3.6 - Authenticated Stored XSS
# Date: 2017-07-24
# Exploit Author: 8bitsec
# Vendor Homepage: http://affiliate.wpindeed.com/
# Software Link: https://codecanyon.net/item/ultimate-affiliate-pro-wordpress-plugin/16527729
# Version: 3.6
# Tested on: [Kali Linux 2.0 | Mac OS 10.12.5]
# Email: [email protected]
# Contact: https://twitter.com/_8bitsec

Release Date:

Product & Service Introduction:
Ultimate Affiliate Pro is the newest and most completed Affiliate WordPress Plugin that allow you provide a premium platform for your Affiliates with different rewards and amounts based on Ranks or special Offers.

Technical Details & Description:

Multiple Stored XSS vulnerabilities found logged as a low privileged user.

Proof of Concept (PoC):

Authenticated Stored XSS:

Logged as an affiliate, a low privileged user. Profile > Edit Account.
Write the payload in the 'Last Name' input area:
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNMouseoVer=alert(document.domain) )

Other fields may be vulnerable.

Authenticated Stored XSS:

Logged as an affiliate, a low privileged user.
Marketing > Campaigns > Add New Campaign. Write the payload on the 'Name' input field:

Credits & Authors:
8bitsec - [https://twitter.com/_8bitsec]

#  0day.today [2018-04-09]  #