Full Disclosure – Multiple XSS holes in 1-click Retweet/Share/Like WordPress Plugin

Month Of Full Disclosure
1-Click Retweet/Share/Like Lets users Retweet, Share and Like pages from your site back to their Twitter followers and Facebook friends with just one click. The user experience is similar to Facebook Like button but expanded to Twitter and Facebook Share.
The above WordPress plugin has multiple Cross Site Scripting (XSS) bugs because the “fc”, “fs” and “fblname” parameters do not correctly sanitise input data.
This was discovered in a routine security check on my own site, where up until yesterday I was, like hundreds of other WordPress sites, running the above plugin.
The plugin does not integrate wholly with the WordPress blog; instead it calls home via an iframe, which is where the XSS hole exists.
Every site which has this plugin would therefore call the vulnerable URL; however, because it is loaded in an iframe, that URL exists on the vendor's site (http://www.linksalpha.com).
This mitigates the risk of the WordPress plugin against the site hosting it. However, due to the popularity of the plugin, it is still deemed to be a medium risk issue. In addition, there may be, and most likely are, other issues with the plugin which I have not taken the time to research.
See below for the disclosure.
XSS vulnerability in Links Alpha WordPress Plugin
————————————-
Vulnerability ID: Month Of Full Disclosure = MOFD2
————————————
Product: 1-click Retweet/Share/Like
————————————-
Vendor: Links Alpha ( http://wordpress.org/extend/plugins/1-click-retweetsharelike/stats/
or http://www.linksalpha.com/)
————————————-
Vulnerable Version: 2.0.1 (the current version) and probably prior versions
————————————-
Vendor Notification: 03 August 2010
Public Disclosure: 03 August 2010
————————————-
Vulnerability Type: XSS (Cross Site Scripting)
————————————-
Status: Public Disclosure – Not Fixed, Vendor Alerted,
Awaiting Vendor Response
————————————-
Risk level: Medium
————————————-
Credit: Martin Hall – TheTestManager
Site = http://www.thetestmanager.com
twitter = @thetestmanager
Vulnerability Details:
There exist multiple XSS errors in the 1-click Retweet/Share/Like WordPress Plugin.
————————————-
Potential Users Affected = minimum = ??? users
It’s a WordPress Plugin which is installed to sites on average 300-400 times a week
————————————-
Dork to find Vulnerable Sites (2)
inurl:http://www.linksalpha.com/social?link=
or
src=”http://www.linksalpha.com/social?link=
Because it loads on sites in an iframe, the dork is not straightforward.
————————————-
Sample URL
http://www.linksalpha.com/social?link=http%3A%2F%2Fsimplestrength.com%2F2010%2F06%2Fwarriors-come-out-to-play%2F&fc=28a2ttm–%22%3E%3Cscript%3Ealert%28%22TheTestManager.com-%20Month%20of%20Full%20disclosure%22%29%3C/script%3E&fs=arial&fblname=like
————————————-
Solution:
Currently I’m not aware of any vendor-supplied patches or other solutions.
If you are aware of more recent information related to this issue please notify me at: martin@hb-help.com
Users are recommended to use NoScript or other XSS-mitigating software.
Admins are advised to keep an eye out for an update to the plugin.
(Although, as the issue affects code on the LinksAlpha site, they should be able to fix the issue without a WordPress plugin update.)
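A sketch of the kind of server-side fix this implies, as an added example that is not part of the original advisory and is not LinksAlpha's code. The markup layout, function names, allowlists and the placeholder host are assumptions, since the advisory does not show the vendor's template or the valid values of “fc”, “fs” and “fblname”.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allowlists: the advisory does not document the valid values.
HEX_COLOR = re.compile(r"[0-9a-fA-F]{3,8}")
FONTS = {"arial", "verdana", "tahoma", "georgia"}
FB_LABELS = {"like", "recommend"}

TEMPLATE = '<div class="share" style="color:#%s;font-family:%s" data-fb="%s">'


def query_params(url):
    """Decode the query string into a flat dict (first value wins)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def render_vulnerable(params):
    """Reflects fc/fs/fblname verbatim, the behaviour the advisory describes."""
    return TEMPLATE % (params.get("fc", ""), params.get("fs", ""),
                       params.get("fblname", ""))


def clean_params(params):
    """Validate each parameter against its allowlist, else use a default."""
    fc = params.get("fc", "")
    fs = params.get("fs", "").lower()
    fb = params.get("fblname", "").lower()
    return {
        "fc": fc if HEX_COLOR.fullmatch(fc) else "000000",
        "fs": fs if fs in FONTS else "arial",
        "fblname": fb if fb in FB_LABELS else "like",
    }


def render_hardened(params):
    """Allowlist first, then escape for the HTML attribute context anyway."""
    p = {k: html.escape(v, quote=True) for k, v in clean_params(params).items()}
    return TEMPLATE % (p["fc"], p["fs"], p["fblname"])


# Constructed request modelled on the advisory's sample URL (placeholder host).
SAMPLE = ("http://widget.example/social?link=http%3A%2F%2Fblog.example%2F"
          "&fc=28a2ttm%22%3E%3Cscript%3Ealert%281%29%3C/script%3E"
          "&fs=arial&fblname=like")

if __name__ == "__main__":
    q = query_params(SAMPLE)
    print("vulnerable:", render_vulnerable(q))  # attribute is broken out of
    print("hardened:  ", render_hardened(q))    # invalid fc replaced by default
```

Validation rejects the malformed “fc” value outright, and the escaping step remains as a second layer in case an allowlist is later loosened.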
————————————-
Other Miscellaneous Information
N/A
Thank you so much for posting about 1-Click Retweet/Share/Like. I was having the same cross-script issue and couldn't find the cause until your article! Thanks for sharing.