WP Plugin Security: When the genius is out for lunch

I am in the mood for some more ranting… Why am I doing this? The low security level in the WordPress community aggravates me. And I care about the security of WordPress users out there. So here goes the next issue.

It’s a rather insignificant XSS security vulnerability, but since the WP theme’s author runs the website GeniusHackers.com and his Swift theme for WordPress is getting more than 2000 downloads per week, you might be interested in this.

There is a simple XSS hole in search.php of the Swift theme. GET parameter ‘s’ does not get sanitized or even touched. Go to GeniusHackers.com, paste this into the search box and press enter for a live demo.

<style>*{visibility:hidden}html,body{visibility:visible}</style><div style=visibility:visible;line-height:150px;font-size:200px;color:green;position:absolute;top:0;left:0;padding:0;margin:0;background-color:red;width:10000px;height:10000px;margin-left:-200px;margin-top:-300px;padding-top:100px>XSS XSS XSS XSS XSS<script>alert(String.fromCharCode(88)+String.fromCharCode(83)+ String.fromCharCode(83))</script></div>

If a red page appears containing ‘XSS’ and a JS alert box containing ‘XSS’, the genius hacker has not yet fixed it.

You may want to check your own blog the same way. If it is vulnerable, search for something like this in your theme’s PHP files:

Search results for "<?php echo $_GET['s']; ?>"

and replace with

Search results for "<?php the_search_query(); ?>"

The search result page might still look ugly after an XSS attempt, but at least nothing gets injected, rendered or executed, because the_search_query() HTML-escapes the query before output.
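As an added illustration (not code from the Swift theme or the original post), here is a stand-alone PHP script contrasting the two patterns side by side; the sample query string is constructed, and htmlspecialchars() stands in for the esc_attr() call that the_search_query() makes inside WordPress.

```php
<?php
// Added example, not part of the Swift theme or the original post.
// Minimal stand-alone reproduction of the search.php issue: the same
// user input rendered unescaped (the vulnerable pattern) and escaped
// (what the_search_query() does inside WordPress).

// Constructed sample input, the kind of search string the post describes.
$s = '<script>alert(String.fromCharCode(88,83,83))</script>';

// Vulnerable pattern: raw request data is written straight into the HTML,
// so any markup in the query becomes part of the page.
function render_search_header_unsafe(string $query): string {
    return 'Search results for "' . $query . '"';
}

// Hardened pattern: HTML-escape before output. Inside WordPress,
// the_search_query() runs the query through esc_attr(), which turns
// <, >, &, " and ' into entities; htmlspecialchars() does the same here
// so this script runs without WordPress loaded.
function render_search_header_safe(string $query): string {
    return 'Search results for "'
        . htmlspecialchars($query, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '"';
}

// In a real theme $query would come from $_GET['s']; here the sample is used.
echo render_search_header_unsafe($s), PHP_EOL;
echo render_search_header_safe($s), PHP_EOL;

// Sanity check: no raw tag delimiter survives in the escaped output,
// so the browser renders the query as text rather than executing it.
if (strpos(render_search_header_safe($s), '<') !== false) {
    throw new RuntimeException('escaping failed');
}
```

Run it with the PHP CLI to see the first line carry the live script tag and the second line carry only entities.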

Update: The theme has been updated. Download the updated version from WordPress.org. See SwiftThemes.com for more information.
