[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher



#####################################
Title:-   XSS In Image-Metadata-Cruncher
Author:   Kaustubh G. Padwad
Product:  image-metadata-cruncher
pluginURL:https://wordpress.org/plugins/image-metadata-cruncher/  
Severity: Medium
Auth: 	  Requierd

# Description: 
Vulnerable Parameter: 
Alternate text:
Caption:
Custom image meta tags:

# Vulnerability Class:
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))

# About Vulnerability: This plugin is vulnerable to reflected XSS.


#Steps to Reproduce: (POC):
After installing plugin
Enter this URL 
1. Login to wordpress

Navigate to this URL
2.http://localhost/wordpress/wp-admin/plugins.php?page=image_metadata_cruncher-options&settings-updated=true

The follwing fileds are vulabrable to XSS

Alternate text: Need to paste the payload this prevent from typing script
Caption: Need to paste the payload this prevent from typing script
Custom image meta tags: Need to paste the payload this prevent from typing script


#Impact
This vulnablerbility can be tricked using CSRF and can use xss to steal tthe cookie,creadintial code execution etc.

# Disclosure: 
1-feb-2015 Repoerted to Developer
2-Feb-2015 Acknodlagement from Developer
8-feb-2015 Ask update from developer
13-feb-2015 Inform developer about Public discloser with confirmation of patching this in next realese
14-feb-2015 Inform to Bugtraq,Public Disclose

#credits:
Kaustubh Padwad
Information Security Researcher
kingkaustubh@xxxxxx
https://twitter.com/s3curityb3ast
http://breakthesec.com
https://www.linkedin.com/in/kaustubhpadwad