| Title: Reflected XSS in wordpress plugin bodi0s-bots-visits-counter v0.8.1 |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2016-02-09 |
| Download Site: https://wordpress.org/plugins/bodi0s-bots-visits-counter |
| Downloads: 2125 |
| Vendor Notified: 2016-02-09 |
| Export: Json |
| Vendor Contact: plugins@wordpress.org |
| Plugin Name: bodi0s-bots-visits-counter |
| Vulnerability: There is a reflected XSS vulnerability in the following php code ./bodi0s-bots-visits-counter/bodi0-bot-admin.php:
451: <p class="submitbox"><a href="?page=<?php echo $_GET['page']; ?>&bot-counter=reset&_wpnonce=<?php echo wp_create_nonce( 'bot-nonce' ) ?>" class="submitdelete">
457: <p class="alignright"> <a href="?page=<?php echo $_GET['page']?>&_wpnonce=<?php echo wp_create_nonce( 'bot-nonce' ) ?>" class="alignleft">
460: <p class="alignright"> <a href="?page=<?php echo $_GET['page'];?>&bot-download=stats&_wpnonce=<?php echo wp_create_nonce( 'bot-nonce' ) ?>" class="alignleft">
600: <form method="post" name="editform" action="?page=<?php echo $_GET['page'] ?>">
616: <form name="form-block" method="post" action="?page=<?php echo $_GET['page'] ?>">
623: <form name="form-unblock" method="post" action="?page=<?php echo $_GET['page']?>">
663: <form method="post" name="form-add-bot" action="?page=<?php echo $_GET['page'];?>">
The variable page appears to send unsanitized data back to the users browser.
|
| CVE-ID: Not Released |
| File:./bodi0s-bots-visits-counter/bodi0-bot-admin.php |
| Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|