WordPress Ultimate Affiliate Pro 3.6 Cross Site Scripting
Posted on 26 July 2017
# Exploit Title: Ultimate Affiliate Pro WordPress Plugin <= v3.6 - Authenticated Stored XSS # Date: 2017-07-24 # Exploit Author: 8bitsec # Vendor Homepage: http://affiliate.wpindeed.com/ # Software Link: https://codecanyon.net/item/ultimate-affiliate-pro-wordpress-plugin/16527729 # Version: 3.6 # Tested on: [Kali Linux 2.0 | Mac OS 10.12.5] # Email: contact@8bitsec.io # Contact: https://twitter.com/_8bitsec Release Date: ============= 2017-07-24 Product & Service Introduction: =============================== Ultimate Affiliate Pro is the newest and most completed Affiliate WordPress Plugin that allow you provide a premium platform for your Affiliates with different rewards and amounts based on Ranks or special Offers. Technical Details & Description: ================================ Multiple Stored XSS vulnerabilities found logged as a low privileged user. Proof of Concept (PoC): ======================= Authenticated Stored XSS: Logged as an affiliate, a low privileged user. Profile > Edit Account. Write the payload in the 'Last Name' input area: jaVasCript:/*-/*`/*`/*'/*"/**/(/* */oNMouseoVer=alert(document.domain) ) Other fields may be vulnerable. Authenticated Stored XSS: Logged as an affiliate, a low privileged user. Marketing > Campaigns > Add New Campaign. Write the payload on the 'Name' input field: <svg/onload=alert(document.domain)> Credits & Authors: ================== 8bitsec - [https://twitter.com/_8bitsec]