WP-Statpress XSS

July 6, 2008 · Posted in Bugtrack, XSS Corner 

One XSS from WP-Statpress, where you can put XSS in the referrer by modifying the referrer with a program like Achilles (not available to download anymore, but you can search for it, or use a Firefox Plugin). Take a look at here:

1146: $referrer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
1147: $userAgent = (isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');

Which means, it is vulnerable if someone modifies the referrer through Achilles (I’ll show you how sometime), and put an xss script (something like: http://abc.de/’>”><script>alert(/xss/)</script>), and modify the user agent and put an XSS script. As you know, this can be used for stealing cookies.

Affected Version: 1.2.9
The author has released the patch, update your plugin now from your plugins tab.

Original Post:
http://blog.rogeriopvl.com/archives/statpress-plugin-xss-vulnerability-disclosure – by c0nde

Read more:
http://wordpress.org/support/topic/184321 – WP.org support topic
http://chrispederick.com/work/user-agent-switcher/ – for the user agent modifying.
http://zoiz.web.id/xss-corner/wp-statpress-xss.html – quickly explained by Zoiz.
http://zoiz.web.id/xss-corner/useragent-xss.html – XSS from user agent
https://addons.mozilla.org/en-US/firefox/search?q=HTTP+Headers – Firefox Add-on search page

No related post.

Related posts brought to you by Yet Another Related Posts Plugin.

Tags: , , , , , , ,

Comments