High-Tech Bridge Security Research Lab discovered XSS vulnerability in BackWPup WordPress Plugin, which can be exploited to perform cross-site scripting attacks against administrator of vulnerable application.
- Cross-Site Scripting (XSS) in BackWPup WordPress Plugin: CVE-2013-4626
The vulnerability exists due to insufficient filtration of user-supplied data in “tab” HTTP GET parameter passed to “/wp-admin/admin.php” script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
The exploitation example below uses “alert()” JavaScript function to display administrator’s cookies:
http://[host]/wp-admin/admin.php?page=backwpupeditjob&tab=%22%3E%3Cscript%3E alert%28document.cookie%29;%3C/script%3E