Tweet-wheel XSS Vulnerability

## FULL DISCLOSURE

#Product :Tweet-wheel
#Exploit Author : Rahul Pratap Singh
#Version :1.0.3.2
#Home page Link : https://wordpress.org/plugins/tweet-wheel/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

—————————————-
Description:
—————————————-
Following  parameters are not sanitized that leads to XSS Vulnerability.

consumer_key,consumer_secret,access_token,access_token_secret

—————————————-
Vulnerable Code:
—————————————-

File Name: testfiles/tweet-wheel/includes/views/auth.php
Found at line:34
<input style=”width:400px” type=”text” name=”consumer_key” value=”<?php echo isset( $_POST[‘consumer_key’] ) ? $_POST[‘consumer_key’] : ”; ?>”>
Found at line:40
<input style=”width:400px” type=”text” name=”consumer_secret” value=”<?php echo isset( $_POST[‘consumer_secret’] ) ? $_POST[‘consumer_secret’] : ”; ?>”>
Found at line:46
<input style=”width:400px” type=”text” name=”access_token” value=”<?php echo isset( $_POST[‘access_token’] ) ? $_POST[‘access_token’] : ”; ?>”>
Found at line:52
<input style=”width:400px” type=”text” name=”access_token_secret” value=”<?php echo isset( $_POST[‘access_token_secret’] ) ? $_POST[‘access_token_secret’] : ”; ?>”>

—————————————-

Fix:
Update to 1.0.4

Vulnerability Disclosure Timeline:
→ March 14, 2016  – Bug discovered, initial report to Vendor.
→ March 22, 2016  – No Response. Report sent again.
→ March 23, 2016  – WordPress Acknowledged.
→ April 21, 2016  – Full Disclosure.

#######################################
#                    CTG SECURITY SOLUTIONS                          #
#                www.ctgsecuritysolutions.com                        #
#######################################

Pub Ref:
https://wordpress.org/plugins/tweet-wheel/changelog/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s