Title: Reflected XSS in wordpress plugin sailthru-triggermail v1.1 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/sailthru-triggermail |
Downloads: 727 |
Vendor Notified: 2016-02-09 |
Export: Json |
Vendor Contact: plugins@wordpress.org |
Plugin Name: sailthru-triggermail |
Vulnerability: There is a reflected XSS vulnerability in the following php code ./sailthru-triggermail/sailthru_options.php:
183: <input type="text" name="blast_name" style="width: 250px;" value="<?php echo $_POST['blast_name'] ?>">
191: <input type="text" id="from_name" name="from_name" style="width: 250px;" id="from_name" value="<?php echo $_POST['from_name'] ?>">
199: <input type="text" id="from_email" name="from_email" style="width: 250px;" value="<?php echo $_POST['from_email'] ?>">
229: <input type="text" name="schedule_time" style="width: 250px;" value="<?php echo $_POST['schedule_time'] ?>">
237: <input type="text" name="subject" id="subject" style="width: 650px;" value="<?php echo $_POST['subject'] ?>">
284: <textarea name="plaintext_body" id="text_body" rows="10" cols="90"><?php echo $_POST['plaintext_body']; ?></textarea>
420: echo $_POST['form_name'];
The variable blast_name appears to send unsanitized data back to the users browser via POST request.
|
CVE-ID: Not Released |
File:./sailthru-triggermail/sailthru_options.php |
Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|