Title: Reflected XSS in wordpress plugin w-dalil v1.02 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/w-dalil |
Downloads: 33 |
Vendor Notified: 2016-02-09 |
Vendor Contact: plugins@wordpress.org |
Plugin Name: w-dalil |
Vulnerability: There is a reflected XSS vulnerability in the following PHP code in ./w-dalil/includes/w-dalil-shortcodes.php:
17: <div class="dalil_remove_wrap"><a href="<?php echo $remove_link; ?>" ><i class="icon-cancel"></i></a> <?php echo $_GET['wcat'] ;
44: <div class="dalil_remove_wrap"><a href="<?php echo $remove_link; ?>" ><i class="icon-cancel"></i></a> <?php echo $_GET['ws'] ;
68: <div class="dalil_remove_wrap"><a href="<?php echo $remove_link; ?>" ><i class="icon-cancel"></i></a> <?php echo $_GET['ws'] ;
73: <div class="dalil_remove_wrap"><a href="<?php echo $remove_link; ?>" ><i class="icon-cancel"></i></a> <?php echo $_GET['wcat'] ;
110: <div class="dalil_remove_wrap"><a href="<?php echo $remove_link; ?>" ><i class="icon-cancel"></i></a> <?php echo $_GET['wcat'] ;
291: <input type="hidden" required name="wcat" value="<?php echo $_GET['wcat']; ?>"/>
296: <input type="hidden" required name="wcity" value="<?php echo $_GET['wcity']; ?>"/>
The wcat parameter (and, as the listing shows, ws and wcity) appears to be echoed back to the user's browser without sanitization or output escaping. |
CVE-ID: Not Released |
File: ./w-dalil/includes/w-dalil-shortcodes.php |
Exploit Code: The exploit was derived from the first appearance of a vulnerable parameter in the code; there could be more, as shown above. |
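A hardened form of the echo sites listed above, as an added example (not the plugin's own code or a vendor patch): each $_GET value is read once, then escaped for the context it lands in, esc_html() for HTML text and esc_attr() for a quoted attribute value. The local variable names $wcat, $ws and $wcity are assumed for illustration.

```php
<?php
// Hardened rewrite of the vulnerable echo sites (example; not the plugin's own code).
// Read each request parameter once, default to '', unslash as WordPress expects,
// and sanitize on input. Output escaping below is what actually stops the XSS.
$wcat  = isset( $_GET['wcat'] )  ? sanitize_text_field( wp_unslash( $_GET['wcat'] ) )  : '';
$ws    = isset( $_GET['ws'] )    ? sanitize_text_field( wp_unslash( $_GET['ws'] ) )    : '';
$wcity = isset( $_GET['wcity'] ) ? sanitize_text_field( wp_unslash( $_GET['wcity'] ) ) : '';
?>
<!-- Lines 17/44/68/73/110: the value lands in HTML text content, so use esc_html(). -->
<div class="dalil_remove_wrap"><a href="<?php echo $remove_link; ?>" ><i class="icon-cancel"></i></a> <?php echo esc_html( $wcat ); ?></div>
<div class="dalil_remove_wrap"><a href="<?php echo $remove_link; ?>" ><i class="icon-cancel"></i></a> <?php echo esc_html( $ws ); ?></div>

<!-- Lines 291/296: the value lands inside a double-quoted attribute, so use esc_attr(),
     which also encodes the quote character that would otherwise break out of value="...". -->
<input type="hidden" required name="wcat" value="<?php echo esc_attr( $wcat ); ?>"/>
<input type="hidden" required name="wcity" value="<?php echo esc_attr( $wcity ); ?>"/>
```

Escaping at the point of output, chosen per context, is the fix to verify when reviewing a patched release; input sanitization alone is not sufficient for text that is later placed into an attribute.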