Wordpress Securepress Plugin Vulnerability

http://wordpress.org/extend/plugins/securepress-plugin/
While looking around in a Wordpress install, I found this little gem:
line 2218:
$back = isset($_POST['back']) ? $_POST['back'] : null;


Line 2349:
<input type="button" value="Cancel" 
onclick="eval(\'memos.\'+\''.addcslashes($back,"'").'\')" />

$back is never properly escaped for JS...
They should use json_encode instead.

I can inject arbitrary JavaScript into a post request for the "back" parameter and have it come out in your browser.
Tested on plugin version 8.4.01.

-0xKizano

Comments

Post a Comment

Popular posts from this blog

Setup and Install Monero(d) -- p2pool -- xmrig

Image
Video Guide Text Guide Intro MineXMR is shutting down! What are we going to do?! OMG! Greetings and welcome to Kizano's FinTech where I teach you from zero to master in IT and DevOps. Nothing in this video is financial advice since I'm not a financial advisor. I'm an IT guy who's going to teach you some technical details about Monero as a service in Linux, the p2pool software to run the mining pool side chain and xmrig, some mining software that's required in order to start mining. Also, I trust you know the laws of your local juristiction. This is for education and information purposes only. If you're running short on time, feel free to use the timestamps below so you can get what you need and be on your day. If you found this helpful, it would be very grateful if you slapped that like button on your way out to ensure this video shows up at the top of search results for others seeking answers to the same questions I'm about to answer in this video. F...
Read more

Build xmrig on Linux

Hi all, So, I am getting into the crypto-mining space a bit and I wanted to share a few things I've learned. This whole experience has been teaching me a lot as of late! In this post, we'll be talking about xmrig what it is and how to compile it on Linux. I'm going to skip the wallet and other details as I wanted this post to be as context-specific and straight to the point as possible. Let's dive right in. What is xmrig??? My take on this is xmrig is a swiss army knife of a mininig tool that can be used for many algorithms and various coins. I mostly found and used this to mine Monero (XMR), so we'll take that as an example. xmrig supports both CPU and GPU minining, but not all algorithms are CPU- or GPU- friendly. Some are specific to either, so be mindful of what you are doing when you are setting this up. Let's dive into the build and running instructions and examples. Building xmrig I happen to be using d...
Read more

Pulseaudio: Multi-User Setup

Hello and welcome to my blog. If you are finding this page, then you might be in a similar situation I found myself when I wanted to share audio with different apps if they were being used by different user accounts on your local *nix machine when using Pulse audio. Credits to Eli Billauer and Dhole for the configuration directives I needed to make this possible. The Problem I have multiple user accounts on my system that run various apps, like my web browser, chat apps, email and more. I don't like everything running as myself and try to create a user account with just enough privileges to do what it needs to do. Pulseaudio (herein "Pulse") runs as myself when my desktop environment starts. Apps that run normally need to connect to Pulse in some fashion in order to listen to the microphone or play audio on the speakers. When the apps all run as the logged in user, this works great. When the apps run as someone else, this doesn't work or is inconsistent...
Read more