Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
.. contents:: Table Of Content
Overview
- Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
- Author: Kaustubh G. Padwad, Rohit Kumar.
- Plugin Homepage: https://yoast.com/wordpress/plugins/google-analytics/
- Severity: Medium
- Version Affected: Version 5.3.2 and mostly prior to it
- Version Tested : Version 5.3.2
- version patched:
Description
Vulnerable Parameter
- Current UA-Profile
- Manually enter your UA code
- Label for those links
- Set path for internal links to track as outbound links:
- Subdomain tracking:
- Extensions of files to track as downloads:
About Vulnerability
This plugin is vulnerable to a Stored Cross Site Scripting vulnerability,This issue was exploited when administrator users with access to "Google Analytics by Yoast" Setting in wordpress above listed vulnerable parameter is vulnerable for stored XSS. A malicious administration can hijack other users session, take control of another administrator's browser or install malware on their computer.
Vulnerability Class
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
Steps to Reproduce: (POC)
After installing the plugin
- Goto settings --> Google Analytics by Yoast
- Input this payload in "Manually enter your UA code" :- v style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x
- Click on the Save Changes button and navigate your cursor to input box,you will see XSS in action
- Reload the page or re navigate to page to make sure its stored ;)
 |
| POC |
Mitigation
Change Log
Disclosure
22-February-2015 Reported to developer
25-February-2015 Fixed by developer
05-March-2015 Issue Closed with team.
06-March-2015 Public Discloser
25-February-2015 Fixed by developer
05-March-2015 Issue Closed with team.
06-March-2015 Public Discloser
credits
- Kaustubh Padwad & Rohit Kumar
- Information Security Researcher
- kingkaustubh@me.com & kumarrohit2255@gmail.com
- https://twitter.com/s3curityb3ast
- https://twitter.com/rkumars3c
- http://breakthesec.com
- https://www.linkedin.com/in/kaustubhpadwad
Thanks for your informative post. Your article helped me a lot to understand the future of digital marketing. SEO Training in Chennai | Digital Marketing Training in Chennai
ReplyDeleteDigital Marketing is a kind of marketing strategy that relies on electronic medium like television, internet and mobile in promoting a product. It delivers incredible result to the business owners to boost their business online presence and enjoy maximum leads. SEO Training in Chennai | SEO Course in Chennai
ReplyDelete