# Exploit Title: WordPress MDC Private Message Persistent XSS
# Date: 8/20/15
# Exploit Author: Chris Kellum
# Vendor Homepage: http://medhabi.com/
# https://wordpress.org/plugins/mdc-private-message/
# Version: 1.0.0

=====================
Vulnerability Details
=====================

The 'message' field doesn't sanitize input, allowing a less privileged user (Editor, Author, etc.) to execute an XSS attack against an Administrator.

Proof of Concept:

Place <script>alert('Hello!')</script> in the message field of a private message and then submit.

Open the message and the alert window will fire.

===================
Disclosure Timeline
===================

8/16/15 - Vendor notified.
8/19/15 - Version 1.0.1 released.
8/20/15 - Public Disclosure.
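
Added example, not part of the original advisory and not the plugin's own code: the unsanitized 'message' field described above, rendered as stored versus encoded at output, with a small check suitable for a regression test. The function names and the in-memory message list are hypothetical, and plain PHP htmlspecialchars() stands in for WordPress's esc_html() so the script runs without WordPress.

```php
<?php
// Added illustration; not the plugin's code. All function names are hypothetical.
// htmlspecialchars() stands in for WordPress's esc_html() so this runs without WordPress.

// Constructed sample messages: the advisory's PoC string and ordinary text
// that happens to contain HTML metacharacters.
$messages = [
    ['from' => 'editor', 'message' => "<script>alert('Hello!')</script>"],
    ['from' => 'author', 'message' => 'Budget is < 5k & > 2k, see "Q3" sheet'],
];

// Pattern the advisory describes: the stored value is echoed into the page as-is.
function render_message_unescaped(array $m): string
{
    return '<div class="pm-body">' . $m['message'] . '</div>';
}

// Output encoding at the point of rendering: the stored text is treated as data.
function render_message_escaped(array $m): string
{
    $body = htmlspecialchars($m['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="pm-body">' . nl2br($body) . '</div>';
}

// Regression check: does the rendered fragment contain any element other
// than the wrapper <div> and the <br> tags added by nl2br()?
function contains_unexpected_markup(string $html): bool
{
    $inner = preg_replace('#^<div class="pm-body">|</div>$#', '', $html);
    $inner = preg_replace('#<br ?/?>#', '', $inner);
    return (bool) preg_match('/<[a-zA-Z\/!]/', $inner);
}

// Render every sample both ways and report whether markup survived.
foreach ($messages as $m) {
    foreach (['render_message_unescaped', 'render_message_escaped'] as $fn) {
        $html = $fn($m);
        printf("%-26s from=%-6s unexpected_markup=%s\n    %s\n",
            $fn, $m['from'], contains_unexpected_markup($html) ? 'yes' : 'no', $html);
    }
}
```

Encoding at output keeps the sender's text readable to the Administrator while preventing it from being parsed as markup. In a WordPress plugin the same role is played by esc_html() at render time, optionally combined with sanitize_textarea_field() when the message is saved.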