HTB23161: XSS in BackWPup WordPress Plugin

Viewing 0 reply threads
  • Author
    Posts
    • #8566
      AndyP
      Participant

      Advisory ID: HTB23161
      Product: BackWPup WordPress Plugin
      Vendor: Inpsyde GmbH
      Vulnerable Versions: 3.0.12 and probably prior
      Tested Version: 3.0.12
      Vendor Notification: June 19, 2013
      Vendor Fix: August 12, 2013
      Public Disclosure: August 21, 2013
      Latest Update: August 13, 2013
      Vulnerability Type: Cross-Site Scripting [CWE-79]
      CVE Reference: CVE-2013-4626
      Risk Level: Low
      CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
      Solution Status: Fixed by Vendor
      Discovered and Provided: High-Tech Bridge Security Research Lab

      Advisory Details:
      High-Tech Bridge Security Research Lab discovered XSS vulnerability in BackWPup WordPress Plugin, which can be exploited to perform cross-site scripting attacks against administrator of vulnerable application.

      1) Cross-Site Scripting (XSS) in BackWPup WordPress Plugin: CVE-2013-4626
      The vulnerability exists due to insufficient filtration of user-supplied data in “tab” HTTP GET parameter passed to “/wp-admin/admin.php” script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
      The exploitation example below uses “alert()” JavaScript function to display administrator’s cookies:
      http://[host]/wp-admin/admin.php?page=backwpupeditjob&tab=%22%3E%3Cscript%3Ealert%28document.cookie% 29;%3C/script%3E

      Solution:
      Upgrade to BackWPup 3.0.13

      More Information:
      http://wordpress.org/plugins/backwpup/changelog/

      References:
      [1] High-Tech Bridge Advisory HTB23161 – https://www.htbridge.com/advisory/HTB23161 – Cross-Site Scripting (XSS) in BackWPup WordPress Plugin.
      [2] BackWPup WordPress Plugin – http://wordpress.org/plugins/backwpup/ – BackWPup is the All-in-One backup solution for WordPress.
      [3] Common Vulnerabilities and Exposures (CVE) – http://cve.mitre.org/ – international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
      [4] Common Weakness Enumeration (CWE) – http://cwe.mitre.org – targeted to developers and security practitioners, CWE is a formal list of software weakness types.

Viewing 0 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2022 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?