WordPress Echosign plugin version 1.1 suffers from a cross site scripting vulnerability.
6f6ab95679fb960f62775b09e93953ed4e987e91fb68dfc211274f7cabaf63c0## FULL DISCLOSURE
#Product : Echosign Plugin
#Exploit Author : Rahul Pratap Singh
#Version :1.1
#Home page Link : https://wordpress.org/plugins/echosign/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016
XSS Vulnerability:
----------------------------------------
Description:
----------------------------------------
"Page" and "id" parameters are not sanitized that leads to XSS
Vulnerability.
----------------------------------------
Vulnerable Code:
----------------------------------------
File Name: testfiles/echosign/inc.php
Found at line:199
<input type="hidden" name="page" value="<?php echo $_REQUEST['page']; ?>" />
File Name: testfiles/echosign/templates/add_templates.php
Found at line:31
<input type = 'hidden' name = 'id' value = '<?php echo $_REQUEST['id'];
?>'>
----------------------------------------
Fix:
No fix Available
Vulnerability Disclosure Timeline:
→ March 03, 2016 – Bug discovered, initial report to WordPress.
→ March 07, 2016 – No, response. Report sent again.
→ March 08, 2016 – WordPress Acknowledged. Plugin taken down.
→ April 21, 2016 – Plugin still down. No patch available.
Pub Ref:
https://0x62626262.wordpress.com/2016/04/21/echosign-plugin-for-wordpress-xss-vulnerability/
https://wordpress.org/plugins/echosign/
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed