80 lines
No EOL
1.3 KiB
Text
80 lines
No EOL
1.3 KiB
Text
TITLE
|
|
=====
|
|
|
|
Quick Paypal Payments - Persistent Cross Site Scripting Vulnerability
|
|
|
|
|
|
AUTHOR
|
|
======
|
|
|
|
Zy0d0x
|
|
|
|
|
|
BLOG
|
|
====
|
|
|
|
https://zy0d0x.com
|
|
|
|
DATE
|
|
====
|
|
|
|
10/08/2013
|
|
|
|
VENDOR
|
|
======
|
|
|
|
Quick Plugins - http://quick-plugins.com/
|
|
|
|
|
|
AFFECTED PRODUCT
|
|
================
|
|
|
|
Quick Paypal Payments Wordpress Plugin Version 3.0 possibly earlier
|
|
|
|
|
|
VULNERABILITY CLASS
|
|
===================
|
|
|
|
Cross-Site Scripting
|
|
|
|
|
|
DESCRIPTION
|
|
===========
|
|
|
|
|
|
Quick Paypal Payments suffers from a persistent Cross-Site Scripting vulnerability due to a lack
|
|
of input validation and output sanitization of the "reference" and "amount" paramaters.
|
|
Other input fields are also effective to reflective cross site scripting.
|
|
|
|
|
|
PROOF OF CONCEPT
|
|
================
|
|
|
|
Enter the following into the field where Quick Paypal Payments requests a Payment reference.
|
|
|
|
--- SNIP ---
|
|
|
|
"><script>alert(String.fromCharCode(90,121,48,100,48,120))</script><
|
|
|
|
--- SNIP ---
|
|
|
|
If the message has been sent successfully a alert diolog will apear containing Zy0d0x when an user checks there message in the dashboard.
|
|
|
|
|
|
IMPACT
|
|
======
|
|
|
|
An attacker could potentially hijack session authentication tokes of remote users and leverage the
|
|
vulnerability to increase the attack vector to the underlying software and operating system of the victim.
|
|
|
|
|
|
THREAT LEVEL
|
|
============
|
|
|
|
High
|
|
|
|
|
|
STATUS
|
|
======
|
|
|
|
Not Fixed |