Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
banner Expire 25 April 2025
adv ex on 22 February 2024
Kfc Club

Patrick Stash
banner expire at 13 August 2024
BidenCash Shop
banner Expire 10 May 2025
Money Club cc shop
Luki Crown
Wizard's shop 2.0
Trump cc shop
Blackstash cc shop
Yale lodge shop
UniCvv
banner Expire 1 April 2021

WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS

P

Premiums

TRUSTED VENDOR
Joined
Dec 5, 2020
Messages
2,725
WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS


Code:
# WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS

# Vendor Homepage: http://www.wpdownloadmanager.com
# Software Link: https://wordpress.org/plugins/download-manager
# Affected Versions: Free 2.7.94 & Pro 4
# Tested on: WordPress 4.2.2

# Discovered by Filippos Mastrogiannis
# Twitter: @filipposmastro
# LinkedIn: https://www.linkedin.com/pub/filippos-mastrogiannis/68/132/177

-- Description --

This stored XSS vulnerability allows any authenticated wordpress user
to inject malicious code via the name of the uploaded file:
e.g. <svg onload=3D3Dalert(0)>.jpg

The vulnerability exists because the file name is not properly sanitized
and this can lead to malicious code injection that will be executed on the
target=3DE2=3D80=3D99s browser

-- Proof of Concept --

1. The attacker creates a new download package via the plugin's menu
and uploads a file with the name: <svg onload=3D3Dalert(0)>.jpg

2. The stored XSS can be triggered when an authenticated user (e.g. admin)
attempts to edit this download package

-- Solution --

Upgrade to the latest version
 
You must log in or register to reply here.

Online statistics

Members online
321
Guests online
731
Total visitors
1,052
Totals may include hidden visitors.

Latest posts

Newest members

Stay Connected

Top Bottom