[Urgent] Fix reflected XSS in new_window.php #63
Conversation
|
Well, yes, I can see how this can be used against WordPress site owners (or people registered on such websites). Given a relatively small number of plugin installations, the possibilities of attack are very moderate. Of course, I will look at the patch, but please do not push it as urgent. |
|
Thanks for your reply. I'm glad that you have figure it out :-) If you have any questions on XSS, feel free to ask. Yes, you're right: this vulnerability isn't critical (exploiting a reflected XSS requires to target specific users and an interaction from them). But it's still a publicly available vuln and finding the vulnerable websites is as easy as a Google search. I marked it as urgent, because, to be honest, as the last commit was 2 years ago, I was afraid that the project was abandoned and that I will never get a response from you. I'm happy to see that it's not the case. I don't know the exact usage statistics (Google found 966 results though). But if you are bothered by the |
|
Merged into unstable branch. See fb6fae2. |
new_window.phpis vulnerable to 2 reflected XSS:urlparameter:/wp-content/plugins/share-on-diaspora/new_window.php?url=%3Cimg%20src=x%20onerror=alert(%22xss%22)%3E. Note that this XSS was publicly disclosed (not by me), so fixing the vulnerability is urgent.titleparameter in the following condition on line 264 is true:/wp-content/plugins/share-on-diaspora/new_window.php?url=test.com&title=>%27>"><img%20src=x%20onerror=alert(0)>Please check that there is no other XSS left (for example using the name of dispora* pods). I didn't checked other files for XSS.