#Title: WordPress Redirection Plugin <=2.2.9 Lazy XSS
#Date: 2011-10-05
#Author: dotxed (dotxed(at)googlemail.com @dotxed)
#Software Link: http://wordpress.org/extend/plugins/redirection/
#Version: 2.2.9 (tested)

-----------------------
Info
-----------------------

One feature of the plugin allows you to log 404 errors on your WordPress site. The plugin saves the requested URL, timestamp, IP and the referrer, which can be seen in the WordPress plugin menu.

-----------------------
PoC
-----------------------

The referrer is not sanitized properly. It allows you to store XSS in the WordPress backend (affects privileged users only).

Visit a 404 page of the target WordPress site and change the referrer to "/> to place your XSS inside the blog backend.

-----------------------
Fix
-----------------------

After contacting the writer of this plugin, he rolled out a new version. Version 2.2.10 is not affected by these XSS issues.

More information can be seen on http://goo.gl/956D7 (only German).

-----------------------
Finally...
-----------------------

Greetings to everyone!
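The defect is a classic stored XSS: a request header (Referer) is written to the 404 log and later echoed into admin HTML without escaping. The following is an added illustration, not code from the Redirection plugin, showing the vulnerable rendering pattern beside a hardened one; the `$entry` array, the referrer value and the function names are constructed for this example.

```php
<?php
// Added example (not the Redirection plugin's code): a 404 log row that embeds
// the request's Referer header, rendered into an admin page before and after
// output escaping. The $entry array and its values are constructed.

// Vulnerable pattern: the raw header is interpolated straight into HTML.
function render_log_row_unsafe(array $entry): string {
    return '<tr>'
        . '<td>' . $entry['url'] . '</td>'
        . '<td>' . $entry['ip'] . '</td>'
        . '<td><a href="' . $entry['referrer'] . '">' . $entry['referrer'] . '</a></td>'
        . '</tr>';
}

// Hardened pattern: every untrusted value is escaped for the context it lands
// in (attribute value and element text). In WordPress the equivalents are
// esc_attr(), esc_html() and, for the href, esc_url(), which also rejects
// non-http(s) schemes.
function esc(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_log_row_safe(array $entry): string {
    return '<tr>'
        . '<td>' . esc($entry['url']) . '</td>'
        . '<td>' . esc($entry['ip']) . '</td>'
        . '<td><a href="' . esc($entry['referrer']) . '">' . esc($entry['referrer']) . '</a></td>'
        . '</tr>';
}

// Constructed log entry. The referrer is attacker-controlled, since the header
// is sent by whoever requests the missing page; here it carries harmless markup
// that is enough to show the attribute being broken out of.
$entry = [
    'url'      => '/does-not-exist',
    'ip'       => '203.0.113.5',
    'referrer' => '"/><b>injected</b>',
];

// Unsafe: the leading quote closes the href attribute, so the browser parses
// the rest of the referrer as markup when an administrator views the log.
echo render_log_row_unsafe($entry), "\n";

// Safe: quotes and angle brackets are entity-encoded, so the referrer is shown
// as literal text and never reaches the HTML parser as markup.
echo render_log_row_safe($entry), "\n";
```

Escaping at output time is the fix that matters here; storing the header verbatim is fine as long as every place that renders it escapes for its context.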