WordPress Plugin Relevanssi 2.7.2 – Persistent Cross-Site Scripting

  • Author: Saif El-Sherei
    Date: 2011-02-24
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/16233/
  • # Exploit Title: Relevanssi User Searches WordPress plugin Stored XSS
    # Date: 20-2-2011
    # Author: Saif El-Sherei
    # Software Link: http://downloads.wordpress.org/plugin/relevanssi.2.7.2.zip
    # Version: Relevanssi 2.7.2, WordPress 3.0.5
    # Tested on: Firefox 3.6.13, IE 8
    # Vendor Response: plugin author released an update to fix this issue
    
    Info:
    
    Relevanssi replaces the standard WordPress search with a better search
    engine, with lots of features and configurable options. You'll get better
    results, better presentation of results - your users will thank you.
    Downloaded 34,3963 times.
    
    Details:
    
    "Log search queries" must be enabled in the plugin settings. A stored XSS
    vulnerability exists because the "search Query" variable is logged and
    displayed unsanitized in the "User Searches" section of the admin
    Dashboard, allowing an attacker to inject malicious HTML code.
    
    
    POC:
    
    <script>alert('XSS');</script>
    
    Solution:
    
    Update to the latest plugin version.
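
The issue under Details is a missing output-encoding step: a logged search string is written into the admin page as markup. The PHP below is an added example, not Relevanssi's code or the advisory author's; the function names and the log array are hypothetical, and `htmlspecialchars()` stands in for WordPress's `esc_html()` so the script runs without WordPress loaded.

```php
<?php
// Added illustration. Function names and the log structure are hypothetical.

// Constructed sample of logged search queries: [query, hit count].
$logged_queries = [
    ['wordpress search plugin', 12],
    ["<script>alert('XSS');</script>", 1],   // the PoC string from the advisory
    ['fish & "chips"', 3],                   // benign input that still needs encoding
];

// Vulnerable pattern: the stored query is placed into admin HTML as-is.
function render_row_unsafe(string $query, int $count): string
{
    return "<tr><td>{$query}</td><td>{$count}</td></tr>";
}

// Hardened pattern: encode for the HTML context at output time.
// Inside WordPress, esc_html() is the function to use for this.
function render_row_safe(string $query, int $count): string
{
    $encoded = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<tr><td>{$encoded}</td><td>{$count}</td></tr>";
}

// Review helper: true when the rendered cell contains markup characters
// that came from the logged query rather than from the template.
function cell_has_raw_markup(string $row): bool
{
    $cell = substr($row, strlen('<tr><td>'));
    $cell = substr($cell, 0, strpos($cell, '</td>'));
    return strpbrk($cell, '<>"\'') !== false;
}

foreach ($logged_queries as [$query, $count]) {
    $unsafe = render_row_unsafe($query, $count);
    $safe   = render_row_safe($query, $count);
    printf(
        "query: %s\n  unsafe (raw markup: %s): %s\n  safe   (raw markup: %s): %s\n",
        $query,
        cell_has_raw_markup($unsafe) ? 'yes' : 'no', $unsafe,
        cell_has_raw_markup($safe) ? 'yes' : 'no', $safe
    );
}
```

Encoding at output covers rows that were already logged before the fix, which sanitizing only at write time would not.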