Wordpress Gallery Master Persistent XSS Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1040627 漏洞类型
发布时间 2015-12-21 更新时间 2015-12-21
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2015120237
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
<!--
# Exploit Title: Wordpress Gallery Master Persistent XSS Vulnerability.
# Date: 2015/12/20
# Exploit Author: Arash Khazaei
# Vendor Homepage: https://downloads.wordpress.org/plugin/gallery-master.zip
# Software Link: https://wordpress.org/plugins/gallery-master/ & http://tech-prodigy.org/
# Version: 1.0.22
# Tested on: Windows , Firefox Browser
# CVE : N/A
# Email : 0xclay@gmail.com


# Intrduction :

# Wordpress Master Gallery Plugin Have 1,000+ Active Install
# And Suffer From A Stored XSS Vulnerability In Gallery Title & Gallery Description In Add New Gallery Section.
# Authors , Editors And Of Course Administrators Can Use This Vulnerability To Harm WebSite .
-->

Exploit :

For Exploiting This Vulnerability Install Testimonial Slider Plugin
Then Create New SGallery In Gallery Title Input And Gallery Description Place Your JavaScript Code
After Creating Gallery JavaScript Code Will Be Executed . Plugin Is Accessable By Authors , Administartors , Editors .

Image POC :

http://i.imgur.com/bHoezPa.jpg

Vulnerable Codes <gallery-masterviewsgalleriesmanage_galleries.php>[Line : 177]:

1- <label class="gallery_text_italic"><?php echo urldecode($row["gallery_title"]);?></label>

Vulnerable Codes <gallery-masterviewsgalleriesmanage_galleries.php>[Line : 181]:

2- <label class="gallery_text_italic"><?php echo urldecode($row["gallery_description"]);?></label>


<!-- Discovered By Arash Khazaei (A.K.A 0xClay) -->