Mingle Forum (WordPress Plugin) XSS Vulnerability



EKU-ID: 1766 CVE: OSVDB-ID:
Author: Number 7 Published: 2012-03-26 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


||\\      || ||       || |-\\          //-|  ____      ________           __________ 
|| \\     || ||       || | |\\        //| | |     \   |  ______|         |_______/ /
||  \\    || ||       || | | \\      // | | |  _   \  | |                       / /
||   \\   || ||       || | |  \\    //  | | | |_)  |  | |______    /\`'__\     / /
||    \\  || ||       || | |   \\  //   | | |  _  <   |  ______|   \ \ \/     / /
||     \\ || ||_______|| | |    \\//    | | | |_)  |  | |______     \ \_\    / /
||      \\|| |_________| |_|            |_| |_____/   |________|     \/_/   /_/
______________________
Made In Tunisia - 2012
Greetz:Lulz Boat !
______________________________________________________________________________________
# Exploit Title: [Mingle Forum (WordPress Plugin) XSS Vulnerability]
# Google Dork: [inurl:"?mingleforumaction=search"]
# Date: [25/03/2012]
# Author: [Number 7]~ Twitter:[@TunisianSeven]
                    ~ Blog:[http://tunisianseven.blogspot.com/]
# Software Link: [http://wordpress.org/extend/plugins/mingle-forum/]
# Version: [1.0.33]
# Tested on: [Linux]
______________________________________________________________________________________
Vulnerability description:
This script is vulnerable to Cross Site Scripting (XSS) attacks.

The impact of this vulnerability:
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a
vulnerable application to fool a user in order to gather data from them. An attacker
can steal the session cookie and take over the account, impersonating the user. It is
also possible to modify the content of the page presented to the user.

Attack details:
URL encoded POST input search_words was set to <ScRiPt >prompt(1337)</ScRiPt>
The input is reflected inside <title> tag.(Check line 24 in html source after injecting
                                                                               the code)
The input is reflected inside a text element.(check line 214 in html source after
                                                               injecting the code)

How to fix this vulnerability:
You should filter metacharacters from user input.

Example sites Vulnerabilities :

http://www.alternativesecologiques.net/forum/?mingleforumaction=search

http://www.kitchensurvival101.com/cooking/forum/?mingleforumaction=search

http://anonymous-tunisia.org/main/le-forum/?mingleforumaction=search
______________________________________________________________________________________