Echosign Plugin for WordPress XSS Vulnerability

## FULL DISCLOSURE

#Product : Echosign Plugin
#Exploit Author : Rahul Pratap Singh
#Version :1.1
#Home page Link : https://wordpress.org/plugins/echosign/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

—————————————-
Description:
—————————————-
“Page” and “id”  parameters are not sanitized that leads to XSS Vulnerability.

—————————————-
Vulnerable Code:
—————————————-

File Name: testfiles/echosign/inc.php
Found at line:199

<input type=”hidden” name=”page” value=”<?php echo $_REQUEST[‘page’]; ?>” />

File Name: testfiles/echosign/templates/add_templates.php
Found at line:31
<input type = ‘hidden’ name = ‘id’  value = ‘<?php echo $_REQUEST[‘id’]; ?>’>

—————————————-

Fix:
No fix Available

Vulnerability Disclosure Timeline:
→ March 03, 2016  – Bug discovered, initial report to WordPress.
→ March 07, 2016  – No, response. Report sent again.
→ March 08, 2016  – WordPress Acknowledged. Plugin taken down.
→ April 21, 2016  – Plugin still down. No patch available.

Pub Ref:
https://wordpress.org/plugins/echosign/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s