## FULL DISCLOSURE #Product : Echosign Plugin #Exploit Author : Rahul Pratap Singh #Version :1.1 #Home page Link : https://wordpress.org/plugins/echosign/ #Website : 0x62626262.wordpress.com #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 #Date : 21/4/2016 XSS Vulnerability: ---------------------------------------- Description: ---------------------------------------- "Page" and "id" parameters are not sanitized that leads to XSS Vulnerability. ---------------------------------------- Vulnerable Code: ---------------------------------------- File Name: testfiles/echosign/inc.php Found at line:199 <input type="hidden" name="page" value="<?php echo $_REQUEST['page']; ?>" /> File Name: testfiles/echosign/templates/add_templates.php Found at line:31 <input type = 'hidden' name = 'id' value = '<?php echo $_REQUEST['id']; ?>'> ---------------------------------------- Fix: No fix Available Vulnerability Disclosure Timeline: → March 03, 2016 – Bug discovered, initial report to WordPress. → March 07, 2016 – No, response. Report sent again. → March 08, 2016 – WordPress Acknowledged. Plugin taken down. → April 21, 2016 – Plugin still down. No patch available. Pub Ref: https://0x62626262.wordpress.com/2016/04/21/echosign-plugin-for-wordpress-xss-vulnerability/ https://wordpress.org/plugins/echosign/
Attachment:
0xE5D04434.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
