XSS vulnerability in Links Alpha WordPress Plugin
-------------------------------------
Vulnerability ID: Month Of Full Disclosure = MOFD2
-------------------------------------
Product: 1-click Retweet/Share/Like
-------------------------------------
Vendor: LinksAlpha ( http://wordpress.org/extend/plugins/1-click-retweetsharelike/stats/ or http://www.linksalpha.com/ )
-------------------------------------
Vulnerable Version: 2.0.1, which is the current version, and probably prior versions
-------------------------------------
Vendor Notification: 03 August 2010
Public Disclosure: 03 August 2010
-------------------------------------
Vulnerability Type: XSS (Cross Site Scripting)
-------------------------------------
Status: Public Disclosure - Not Fixed, Vendor Alerted, Awaiting Vendor Response
-------------------------------------
Risk level: Medium
-------------------------------------
Credit: Martin Hall - TheTestManager
Site = http://www.thetestmanager.com
twitter = @thetestmanager

Vulnerability Details:
There exist multiple XSS errors in the 1-click Retweet/Share/Like WordPress Plugin.
-------------------------------------
Potential Users Affected = minimum = ??? users
It's a WordPress Plugin which is installed on sites on average 300-400 times a week.
-------------------------------------
Dork to find Vulnerable Sites (2)
inurl:http://www.linksalpha.com/social?link=
or
src="http://www.linksalpha.com/social?link=
Because it loads on sites in an iframe, the dork is not straightforward.
-------------------------------------
Sample URL
http://www.linksalpha.com/social?link=http%3A%2F%2Fsimplestrength.com%2F2010%2F06%2Fwarriors-come-out-to-play%2F&fc=28a2ttm--%22%3E%3Cscript%3Ealert%28%22TheTestManager.com-%20Month%20of%20Full%20disclosure%22%29%3C/script%3E&fs=arial&fblname=like
-------------------------------------
Solution:
Currently I'm not aware of any vendor-supplied patches or other solutions. If you are aware of more recent information related to this issue please notify me at: martin@hb-help.com
Users are recommended to use NoScript or other XSS-mitigating software.
Admins are advised to keep an eye out for an update to the plugin. (Although, as the issue affects code on the LinksAlpha site, they should be able to fix the issue without a WordPress Plugin update.)
-------------------------------------
Other Miscellany Information
N/A
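The sample URL above reflects the `fc` query parameter into the page served by linksalpha.com/social, which is what lets the quoted payload break out of an attribute and inject a script element. The following is an added example written for this advisory, not LinksAlpha's or the plugin's code: it extracts `fc` from the advisory's sample URL, shows the difference between an unsafe sink and one hardened with an allowlist plus attribute-context escaping, and runs a simple detection rule over constructed web-server log lines. The exact meaning of `fc` is not stated in the advisory; the example assumes it is a short alphanumeric token and that the rendered markup looks roughly like the `<div class="...">` shown, both of which are assumptions.

```python
"""Defensive sketch for the reflected `fc` parameter described in the advisory.

Constructed example, not LinksAlpha's or the plugin's own code. Assumptions:
`fc` is a short alphanumeric token, and it is rendered inside an HTML
attribute roughly as shown in render_unsafe/render_hardened below.
"""
import html
import re
from urllib.parse import parse_qs, urlparse

# Sample URL quoted in the advisory; the fc value carries the reflected payload.
ADVISORY_URL = (
    "http://www.linksalpha.com/social?link=http%3A%2F%2Fsimplestrength.com"
    "%2F2010%2F06%2Fwarriors-come-out-to-play%2F&fc=28a2ttm--%22%3E%3Cscript"
    "%3Ealert%28%22TheTestManager.com-%20Month%20of%20Full%20disclosure%22%29"
    "%3C/script%3E&fs=arial&fblname=like"
)
ADVISORY_PATH = ADVISORY_URL[len("http://www.linksalpha.com"):]

# Assumed allowlist: fc is a short alphanumeric token (e.g. the "28a2ttm" prefix).
TOKEN_RE = re.compile(r"^[0-9A-Za-z]{1,16}$")
REQUEST_RE = re.compile(r'"GET (\S+) HTTP/')


def query_param(url, name):
    """Return the first (percent-decoded) value of query parameter `name`, or ''."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def render_unsafe(fc):
    """The reflected-XSS sink: the raw value is dropped straight into an attribute."""
    return f'<div class="{fc}">Like</div>'


def validate_token(fc, default="default"):
    """Allowlist the value; anything outside the expected shape falls back to a default."""
    return fc if TOKEN_RE.match(fc) else default


def render_hardened(fc):
    """Allowlist first, then escape for the attribute context as defence in depth.
    quote=True turns the double quote into &quot; so the attribute cannot be closed."""
    return f'<div class="{html.escape(validate_token(fc), quote=True)}">Like</div>'


def contains_script_breakout(rendered):
    """True if the rendered markup now carries an injected script element."""
    return "<script" in rendered.lower()


# Constructed access-log lines (common log format), not real traffic. The second
# request reuses the advisory's sample path verbatim.
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Aug/2010:10:01:02 +0000] '
    '"GET /social?link=http%3A%2F%2Fexample.org%2F&fc=ff0000&fs=arial HTTP/1.1" 200 512',
    f'203.0.113.9 - - [03/Aug/2010:10:01:07 +0000] "GET {ADVISORY_PATH} HTTP/1.1" 200 640',
]


def flag_suspicious_requests(lines):
    """Return (line_no, decoded fc) for requests whose fc value violates the
    allowlist: a cheap detection rule for attempts against this sink."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # Prepend a dummy scheme/host so urlparse treats the path as a URL.
        fc = query_param("http://h" + m.group(1), "fc")
        if fc and not TOKEN_RE.match(fc):
            hits.append((line_no, fc))
    return hits


if __name__ == "__main__":
    payload = query_param(ADVISORY_URL, "fc")
    print("decoded fc     :", payload)
    print("unsafe render  :", render_unsafe(payload))
    print("hardened render:", render_hardened(payload))
    print("log hits       :", flag_suspicious_requests(SAMPLE_LOG))
```

The allowlist does the real work here; escaping alone would also neutralise this particular payload, but rejecting anything that is not a plausible token keeps the parameter from ever reaching the sink in an unexpected form. The log check is deliberately narrow (only `fc` on this path) so it can be dropped into an existing log-review script without a flood of false positives.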