Sucuri has released a security advisory describing a dangerous persistent XSS vulnerability in the WP Super Cache plugin, which is used by millions of WordPress websites (according to wordpress.org).

The Vulnerability

An attacker could exploit this vulnerability with a carefully crafted query that inserts malicious scripts into the plugin's cached file listing page.

"As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site's administrator to have a look at that particular section, manually", states the report.

Once the injected scripts execute, an attacker could add a new administrator account to the site, inject backdoors using the WordPress theme editing tools, and so on.

Technical Details

The issue lies in the way WP Super Cache displays the information stored in a cache file's key, which the plugin uses to decide which cache file must be loaded.

[Image: wordpress xss vulnerability]

As you can see from the above, $details[ 'key' ] is appended directly to the page's content without being sanitized first ($details[ 'uri' ] is sanitized somewhere else, before this snippet).

[Image: wordpress xss vulnerability]

As the 'key' index of the $details variable contains the return value of the get_wp_cache_key() function (which contains data coming straight from the user's cookies), an attacker can insert malicious scripts on the page.
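The pattern described above, reduced to a stand-alone PHP example that is added here and is not the plugin's code or Sucuri's: a listing row that appends the stored key as-is, next to the same row with the key escaped at output. Only the $details 'key' and 'uri' indexes come from the article; the function names, the sample data and the regression check are assumptions made for illustration.

```php
<?php
// Added example, not WP Super Cache source. Only the $details['key'] and
// $details['uri'] indexes come from the article; every other name is hypothetical.

// Constructed sample metadata for two cached pages. The second key carries
// markup, standing in for cookie-derived data that reaches the cache key.
$cached_files = [
    ['uri' => '/hello-world/', 'key' => 'example.test80/hello-world/'],
    ['uri' => '/about/',       'key' => 'example.test80/about/<b>cookie-supplied markup</b>'],
];

// Escape a value for an HTML text context. Inside WordPress, esc_html()
// is the usual helper for this.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Flawed pattern: 'uri' is already sanitized, 'key' is appended as-is.
function render_row_unescaped(array $details): string
{
    return '<tr><td>' . h($details['uri']) . '</td><td>' . $details['key'] . "</td></tr>\n";
}

// Hardened pattern: every stored value is escaped at the point of output.
function render_row_escaped(array $details): string
{
    return '<tr><td>' . h($details['uri']) . '</td><td>' . h($details['key']) . "</td></tr>\n";
}

// Regression check: after removing the row's own tags, no '<' may remain.
function has_only_expected_tags(string $row): bool
{
    $stripped = str_replace(['<tr>', '</tr>', '<td>', '</td>'], '', $row);
    return strpos($stripped, '<') === false;
}

// Render each sample entry both ways and report which rows leak markup.
foreach ($cached_files as $details) {
    foreach (['render_row_unescaped', 'render_row_escaped'] as $renderer) {
        $row = $renderer($details);
        printf("%-22s %-7s %s", $renderer, has_only_expected_tags($row) ? 'clean' : 'MARKUP', $row);
    }
}
```

A check like has_only_expected_tags() can run in a plugin's test suite against every admin view that prints stored or request-derived values.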

Mitigation

An updated version of the plugin is available in which this vulnerability has been patched. Site admins are advised to update the WP Super Cache plugin to the latest available version, i.e. 1.4.4.
