• We’ve been alerted to an XSS vulnerability on our client’s site caused by the OptiMonk plugin. By appending URL parameters like the following to a WordPress page using the OptiMonk plugin:

    ?utm_source=blog&utm_campaign=guess%
    20who&utm_medium=sidebar%20widget<Script >alert(\"
    HelloSIG\")</Script>

    You will get broken adapter output written to the response in the footer (which is visible to the visitor) and unescaped parameters in the JavaScript:

    <script type="text/javascript">
        // Observed footer output: the plugin copies the request's utm_* query
        // parameters into OptiMonk adapter attributes as double-quoted JS string literals.
        document.querySelector('html').addEventListener('optimonk#ready', function () {
        var adapter = OptiMonk.Visitor.createAdapter();
        // Only partially decoded: the "%" of the submitted "%20" survives next to a space.
        adapter.attr("wp_utm_campaign", "guess% 20who");
        // Injection point. The inner double quotes were backslash-escaped, but the
        // literal "</Script>" was not: the HTML parser closes the <script> element at
        // that tag before the JS parser runs, so everything after it is rendered as
        // visible page text (the "broken adapter output" described above). Defensive
        // fix belongs on the server: serialize each value for a JS context
        // (e.g. json_encode()/wp_json_encode(), ideally with JSON_HEX_TAG) so that
        // "<", ">" and "/" can never form a closing tag inside the literal.
       adapter.attr("wp_utm_medium", "sidebar widget<Script >alert(\\\" HelloSIG\\\")</Script>");
       adapter.attr("wp_utm_source", "blog");
       adapter.attr("wp_source", "");
       adapter.attr("wp_referrer", "Direct");
       // NOTE(review): the viewer's role, login status and user id are written into
       // page markup readable by any script on the page; presumably required for
       // OptiMonk targeting — confirm this exposure is intended.
       adapter.attr("wp_visitor_type", "administrator");
       adapter.attr("wp_visitor_login_status", "logged in");
       adapter.attr("wp_visitor_id", "1");
       // The title suggests this response was a 404 page, i.e. the output is emitted
       // for URLs that do not resolve to existing content as well.
       adapter.attr("wp_page_title", "Page not found | ");
       adapter.attr("wp_post_type", "unknown");
       adapter.attr("wp_post_type_with_prefix", "");
       adapter.attr("wp_post_categories", "");
       adapter.attr("wp_post_tags", "");
       adapter.attr("wp_post_author", "");
       adapter.attr("wp_post_full_date", "");
       adapter.attr("wp_post_year", "");
       adapter.attr("wp_post_month", "");
       adapter.attr("wp_post_day", "");
       adapter.attr("wp_is_front_page", "0");
       adapter.attr("wp_is_home", "1");
       adapter.attr("wp_search_query", "");
       adapter.attr("wp_search_results_count", "0");
    });
    </script>
    <!-- WooCommerce JavaScript -->
    <script type="text/javascript">
    jQuery(function($) { 
    // Separate WooCommerce/analytics configuration block that follows in the same
    // footer; the values below are fixed and do not come from the request parameters.
    tvc_lc="USD";
    
    tvc_smd={"tvc_wcv":"3.0.8","tvc_wpv":"4.7.5","tvc_eev":"1.0.21","tvc_cnf":{"t_ee":"yes","t_df":false,"t_gUser":true,"t_UAen":"no","t_thr":"1"}};
     });
    </script>

    snip 20170711145843

    • This topic was modified 4 months, 1 week ago by  cypressnorth.