Hello Evaluate Plugin developers!

    Our security team from Quantika14 just found some vulnerabilities in your plugin (Evaluate).

    ============Vulnerabilities

    – Cross Site Scripting

    Because no variable is properly sanitized when it is managed by the plugin, you can inject malicious JavaScript code that can lead to a session hijack (stealing the cookie), phishing, or any other bad scenario that the attacker can imagine (by injecting JavaScript he has full control of the victim's browser). To do that, the attacker only needs to send the administrator a crafted web page with a hidden iframe and an auto-submit form. Even if the attacker cannot set the nonce parameter in the form, he does not need it: with the Ajax preview the malicious JavaScript code is executed automatically. In order to check it, you can try to fill the metric name with "><script>alert(document.cookie)</script> and check the result.

    ===========Fixes

    To fix this vulnerability you only need to clean the parameters provided by the user, eliminating any non-alphanumeric character (except _ and -) or escaping them with an escaping function (for example changing < for < ).

    If you need some proof of concepts, or need more information about how to fix the vulnerabilities, please feel free to send us an e-mail.

    https://www.ads-software.com/plugins/evaluate/
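The two fixes the report recommends (escaping on output, or whitelisting the metric name) together with a nonce check on the Ajax preview, shown as an added example. This is not the Evaluate plugin's code; the function names, the `evaluate_example_preview` Ajax action and the `nonce` request field are hypothetical, and the WordPress helpers used (`esc_attr`, `esc_html`, `sanitize_text_field`, `wp_unslash`, `check_ajax_referer`, `current_user_can`, `wp_send_json_success`, `wp_send_json_error`) are standard core functions.

```php
<?php
// Added example, not the Evaluate plugin's own code. Assumes it runs inside WordPress.

// Vulnerable pattern described in the report: the raw metric name is concatenated
// into an HTML attribute, so a value such as
//   "><script>alert(document.cookie)</script>
// closes the attribute and the script tag is rendered and executed.
function evaluate_example_render_vulnerable( $metric_name ) {
    return '<input type="text" name="metric_name" value="' . $metric_name . '">';
}

// Fix 1: escape for the context the value lands in. esc_attr() turns < > " ' &
// into entities, so the quote can no longer terminate the attribute.
function evaluate_example_render_fixed( $metric_name ) {
    return '<input type="text" name="metric_name" value="' . esc_attr( $metric_name ) . '">';
}

// Fix 2 (the stricter option from the report): keep only alphanumerics, '_' and '-'.
// Use this when the metric name is an identifier rather than free text.
function evaluate_example_whitelist( $metric_name ) {
    return preg_replace( '/[^A-Za-z0-9_-]/', '', (string) $metric_name );
}

// Ajax preview handler. The report notes the preview path ran without a nonce,
// which is what let a cross-site auto-submitted form reach it. check_ajax_referer()
// ends the request with HTTP 403 when the nonce is missing or invalid, and the
// capability check limits the endpoint to users who may manage the plugin.
add_action( 'wp_ajax_evaluate_example_preview', 'evaluate_example_preview_handler' );
function evaluate_example_preview_handler() {
    check_ajax_referer( 'evaluate_example_preview', 'nonce' ); // hypothetical action name
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    $name = isset( $_POST['metric_name'] )
        ? sanitize_text_field( wp_unslash( $_POST['metric_name'] ) )
        : '';
    // Escape again on output: sanitizing on input is not a substitute for
    // context-aware escaping where the value is rendered.
    wp_send_json_success( array( 'html' => '<h3>' . esc_html( $name ) . '</h3>' ) );
}
```

The nonce for the preview form would be emitted on the admin page with `wp_nonce_field( 'evaluate_example_preview', 'nonce' )` (same hypothetical action name) so that the JavaScript sending the preview request can include it; a forged cross-site form cannot obtain that value, which is the property the report says the preview path lacked.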

Viewing 2 replies - 1 through 2 (of 2 total)
  Thread Starter M0thr4

    (@m0thr4)

    (for example changing < for & lt )*

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    If you have not done so already can you please send the details to plugins [at] www.ads-software.com and they can evaluate the problem as well as contact the author directly.

    That’s the best way to get this looked at and resolved.

The topic ‘Vulnerabilities in the plugin’ is closed to new replies.