vendor: Beer Recipes Plugin
by: TheUzuki.
CVSS: 7.5 (HIGH)
Type: XSS
CWE: 79
Product Name: Beer Recipes Plugin
Affected Version From: v.1.0
Affected Version To: v.1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:opensourcebrew:beer_recipes_plugin
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2011

WordPress – Beer Recipes v.1.0 XSS

When a comment containing JavaScript is posted on a beer recipe, the script is executed directly when the comment is displayed. This results in XSS.

Mitigation:

Input validation and output encoding can be used to prevent XSS attacks.
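
The output-encoding half of this mitigation, as an added example that is not the plugin's code: a comment renderer that writes the body into the page raw, next to one that encodes it for the HTML text context. The function names and the sample comments are hypothetical; inside WordPress the corresponding encoders are `esc_html()` or `wp_kses()`.

```php
<?php
// Added example: hypothetical comment renderers, not taken from the Beer Recipes plugin.

// Vulnerable pattern: the stored comment body is concatenated into HTML as-is,
// so any markup a commenter submitted is parsed by the browser.
function render_comment_unsafe(string $author, string $body): string
{
    return '<div class="comment"><b>' . $author . '</b><p>' . $body . '</p></div>';
}

// Encode for the HTML text/attribute context. ENT_QUOTES also encodes ' and ",
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function encode_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every user-controlled field is encoded at output time;
// nl2br() runs after encoding so only the <br> tags it adds are live markup.
function render_comment_safe(string $author, string $body): string
{
    return '<div class="comment"><b>' . encode_html($author) . '</b><p>'
        . nl2br(encode_html($body)) . '</p></div>';
}

// Constructed sample input: one benign comment and the PoC string from this advisory.
$comments = [
    ['author' => 'brewer1', 'body' => 'Great IPA, used 20g of <Cascade> hops.'],
    ['author' => 'tester',  'body' => '<script>alert(document.cookie)</script>'],
];

foreach ($comments as $c) {
    $unsafe = render_comment_unsafe($c['author'], $c['body']);
    $safe   = render_comment_safe($c['author'], $c['body']);
    // A live <script tag in the rendered HTML means the browser would run it.
    printf(
        "unsafe has <script>: %s | safe has <script>: %s\n",
        stripos($unsafe, '<script') !== false ? 'yes' : 'no',
        stripos($safe, '<script') !== false ? 'yes' : 'no'
    );
    echo $safe, "\n";
}
```

Because the encoding is applied when the comment is written into the page, comments already stored in the database are neutralised as well.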

Exploit-DB raw data:

# Exploit Title: Wordpress - Beer Recipes v.1.0 XSS
# Google Dork: -
# Date: June / 25 / 2011
# Author: TheUzuki.'
# Software Link: http://opensourcebrew.org/beer-recipes-plugin/
# Version: v.1.0
# Tested on: Windows 7
# CVE : -

####################################################################
# SIESTTA 2.0 (LFI/XSS) Multiple Vulnerabilities
# download: http://opensourcebrew.org/beer-recipes-plugin/
#
# Author: TheUzuki.' from HF
# mail: uzuki[@]live[dot]de
#
#
# This was written for educational purposes. Use it at your own risk.
# The author will not be responsible for any damage.
#
####################################################################
#
# Notes: You need to be a user on the WordPress board
#
####################################################################

--Description of Wordpress Plugin--

Creates a custom post type for easily entering beer recipes into WordPress

--Exploit--

By commenting on a beer recipe with a JavaScript, the JavaScript gets executed directly.
This causes an XSS.

--PoC--

<script>alert(document.cookie)</script>