| Title: Reflected XSS in wordpress plugin w-dalil v1.02 |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2016-02-09 |
| Download Site: https://wordpress.org/plugins/w-dalil |
| Downloads: 33 |
| Vendor Notified: 2016-02-09 |
| Export: Json |
| Vendor Contact: plugins@wordpress.org |
| Plugin Name: w-dalil |
| Vulnerability: There is a reflected XSS vulnerability in the following php code ./w-dalil/includes/w-dalil-shortcodes.php:
17: <div class="dalil_remove_wrap"><a href="<?php echo $remove_link; ?>" ><i class="icon-cancel"></i></a> <?php echo $_GET['wcat'] ;
44: <div class="dalil_remove_wrap"><a href="<?php echo $remove_link; ?>" ><i class="icon-cancel"></i></a> <?php echo $_GET['ws'] ;
68: <div class="dalil_remove_wrap"><a href="<?php echo $remove_link; ?>" ><i class="icon-cancel"></i></a> <?php echo $_GET['ws'] ;
73: <div class="dalil_remove_wrap"><a href="<?php echo $remove_link; ?>" ><i class="icon-cancel"></i></a> <?php echo $_GET['wcat'] ;
110: <div class="dalil_remove_wrap"><a href="<?php echo $remove_link; ?>" ><i class="icon-cancel"></i></a> <?php echo $_GET['wcat'] ;
291: <input type="hidden" required name="wcat" value="<?php echo $_GET['wcat']; ?>"/>
296: <input type="hidden" required name="wcity" value="<?php echo $_GET['wcity']; ?>"/>
The variable wcat appears to send unsanitized data back to the users browser.
|
| CVE-ID: Not Released |
| File:./w-dalil/includes/w-dalil-shortcodes.php |
| Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|