Title: Reflected XSS in wordpress plugin no-frills-prize-draw v1.1.1 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/no-frills-prize-draw |
Downloads: 126 |
Vendor Notified: 2016-02-09 |
Vendor Contact: plugins@wordpress.org |
Plugin Name: no-frills-prize-draw |
Vulnerability: There is a reflected XSS vulnerability in the following PHP code in ./no-frills-prize-draw/admin/nfpd-view-entrees-admin.php, line 103:

<form class='define' action="" method="get">Search by Email:
<input type="text" name='email' value='<?php if(isset($_GET['email'])) echo $_GET['email'];?>' />
<input type='hidden' name='page' value='nfpd_prize_draw_view_draw_entries'/>
<?php if($realanswer!="") {?>Filter: <select id='filter' name='filter'><option value='0'>All</option><option value='1' <?php if(@$_GET['filter']=="1"){echo " selected";}?>>Only Correct Entries</option></select><?php } ?>
<input type="submit" value='Refine results' class='button' /></form>
The email GET parameter is echoed into the single-quoted value attribute of the search field without any escaping, so a value containing a single quote closes the attribute and whatever follows is parsed as further attributes (an event handler, for instance) on the input element: reflected XSS in the browser of the user who opens the crafted URL. The filter parameter on the same line is only compared, never echoed, so it is not reflected. Because this is a plugin admin screen (admin/ directory, page=nfpd_prize_draw_view_draw_entries), the link has to be opened by a logged-in user who can reach that screen. WordPress's wp_magic_quotes() adds a backslash before quotes in $_GET, but a backslash is not an escape character inside an HTML attribute, so the injected quote still terminates the attribute; a payload only has to tolerate the extra backslash.
|
CVE-ID: Not Released |
File: ./no-frills-prize-draw/admin/nfpd-view-entrees-admin.php |
Exploit Code: No proof of concept is included. The finding is based on the first vulnerable parameter noticed in the code; the code shown above may contain more.
|
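The vulnerable attribute echo from line 103 beside a hardened rendering, as an added PHP example that is neither the plugin's code nor part of the original advisory. It runs from the PHP CLI with a constructed payload standing in for $_GET['email']; the function names render_vulnerable, render_hardened and has_injected_handler, and the payload itself, are assumptions made for this demo.

```php
<?php
// Added example, not code from the plugin or the advisory. It reproduces the
// attribute echo from line 103 of nfpd-view-entrees-admin.php beside a
// hardened version, with a constructed payload in place of $_GET['email'].
// Run with: php xss_demo.php

// Constructed attacker input (an assumption, not taken from the advisory):
// the leading quote closes value='...' and the rest becomes new attributes.
// Under WordPress the value would arrive with a backslash before each quote
// (wp_magic_quotes); that does not stop the quote closing the attribute.
const PAYLOAD = "' autofocus onfocus='alert(document.domain)";

/**
 * Mirrors the plugin's rendering: the raw parameter is concatenated into a
 * single-quoted attribute with no escaping.
 */
function render_vulnerable(array $get): string
{
    $email = isset($get['email']) ? $get['email'] : '';
    return "<input type=\"text\" name='email' value='" . $email . "' />";
}

/**
 * Hardened rendering: encode for HTML attribute context. ENT_QUOTES encodes
 * both ' and ", so the value can never terminate the attribute. Inside
 * WordPress the equivalent call is esc_attr(), applied after wp_unslash()
 * has removed the backslashes WordPress adds to request data.
 */
function render_hardened(array $get): string
{
    $email = isset($get['email']) ? $get['email'] : '';
    $safe  = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type=\"text\" name='email' value='" . $safe . "' />";
}

/**
 * Crude breakout check for this demo: true if an onfocus attribute with an
 * unencoded quote ended up in the markup, i.e. outside the value attribute.
 */
function has_injected_handler(string $html): bool
{
    return strpos($html, " onfocus='") !== false;
}

$get = ['email' => PAYLOAD];

$vuln = render_vulnerable($get);
$safe = render_hardened($get);

echo "vulnerable: $vuln\n";
echo "hardened:   $safe\n";
echo "handler injected (vulnerable): " . var_export(has_injected_handler($vuln), true) . "\n";
echo "handler injected (hardened):   " . var_export(has_injected_handler($safe), true) . "\n";
```

The vulnerable output carries `value=''` followed by a live `onfocus` attribute, while the hardened output keeps the whole payload inside the attribute as `&#039; autofocus onfocus=&#039;...`. In the plugin itself the corresponding one-line change (a suggested fix, not one the vendor has published) is to replace `echo $_GET['email']` with `echo esc_attr( wp_unslash( $_GET['email'] ) )`; since the field is meant to hold an email address, validating it with sanitize_email() before use is a reasonable additional check.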