Title: Reflected XSS in wordpress plugin myarcadeblog v5.1.0 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/myarcadeblog |
Downloads: 65007 |
Vendor Notified: 2016-02-09 |
Export: Json |
Vendor Contact: plugins@wordpress.org |
Plugin Name: myarcadeblog |
Vulnerability: There is a reflected XSS vulnerability in the following php code ./myarcadeblog/core/myarcade_admin.php:
745: <span id="general_delmap_<?php echo $_POST['mapcat']; ?>_<?php echo $feedcategories[$i]['Slug']; ?>" class="remove_map">
746: <img style="flaot:left;top:4px;position:relative;" src="<?php echo MYARCADE_CORE_URL; ?>/images/remove.png" alt="UnMap" onclick="myabp_del_map('<?php echo $_POST['mapcat']; ?>', '<?php echo $feedcategories[$i]['Slug']; ?>', 'general')" /> <?php echo $cat_name; ?>
793: <span id="bigfish_delmap_<?php echo $_POST['mapcat']; ?>_<?php echo $bigfish['categories'][$i]['ID']; ?>" class="remove_map">
794: <img style="flaot:left;top:4px;position:relative;" src="<?php echo MYARCADE_CORE_URL; ?>/images/remove.png" alt="UnMap" onclick="myabp_del_map('<?php echo $_POST['mapcat']; ?>', '<?php echo $bigfish['categories'][$i]['ID']; ?>', 'bigfish')" /> <?php echo $cat_name; ?>
The variable mapcat appears to send unsanitized data back to the users browser via POST request.
|
CVE-ID: Not Released |
File:./myarcadeblog/core/myarcade_admin.php |
Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|