Title: Reflected XSS in wordpress plugin kingkongcart v0.8.0 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/kingkongcart |
Downloads: 1335 |
Vendor Notified: 2016-02-09 |
Export: Json |
Vendor Contact: plugins@wordpress.org |
Plugin Name: kingkongcart |
Vulnerability: There is a reflected XSS vulnerability in the following php code ./kingkongcart/includes/order.php:
469: (<?php echo $coupon_type;?>쿠폰 <?php echo $_POST['using_coupon_discount'];?> 사용)
532: <input type="hidden" name="paid_coupon" value="<?php echo $_POST['will_using_coupon_id'];?>">
621: <td><input type="text" name="input_mileage" value="<?php echo $_POST['using_mileage'];?>"> <input type="button" class="kingkongtheme_button" value="적립금 사용" onclick="use_mileage(<?php echo $user_id;?>);">
755: <input type="hidden" name="will_using_coupon_id" value="<?php echo $_POST['will_using_coupon_id'];?>">
763: <input type="hidden" name="will_using_coupon_id" value="<?php echo $_POST['will_using_coupon_id'];?>">
The variable using_coupon_discount appears to send unsanitized data back to the users browser via POST request.
|
CVE-ID: Not Released |
File:./kingkongcart/includes/order.php |
Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|