Reflected Cross-site scripting vulnerability 3.7.3 | ww.wp.xz.cn

havoc1988
(@havoc1988)

11 years, 3 months ago

This issue requires a valid credential to be used.

Vulnerability description:
The “wptouch__wptouch_pro__site_title” and “wptouch__wptouch_pro__force_locale” parameters do not filter dangerous chars, allowing users to inject javascript code in the page in a non-permanent way

Steps to replicate:
1) Open the Core settings page on http://localhost/wordpress/wp-admin/admin.php?page=wptouch-admin-general-settings
2) Using a proxy, for example Burp Interceptor, edit the values for the “wptouch__wptouch_pro__site_title” and “wptouch__wptouch_pro__force_locale” parameters adding this example payload:

"><script>alert(123)</script>

3) Submit the changes
4) Observe the alert message:
http://i.imgur.com/jtferBZ.png

https://ww.wp.xz.cn/plugins/wptouch/

The topic ‘Reflected Cross-site scripting vulnerability 3.7.3’ is closed to new replies.

Tags

xss

0 replies
1 participant
Last reply from: havoc1988
Last activity: 11 years, 3 months ago
Status: not resolved