Live Chat Unlimited v2.8.3 Stored XSS Injection

2019.06.25
ru m0ze (RU) ru
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

/*! * ::- Title: Live Chat Unlimited v2.8.3 Stored XSS Injection * ::- Author: m0ze * ::- Date: 2019/06/25 * ::- Software: Live Chat Unlimited v2.8.3 */ ::- Details & Description -:: ~ Weak security measures like bad input field data filtering has been discovered in the «Live Chat Unlimited». Current version of this premium WordPress plugin is 2.8.3. ::- Demo Website -:: ~ https://codecanyon.net/item/wordpress-live-chat-plugin/3952877 ~ Frontend: https://screets.com/ ::- Special Note -:: ~ 7.602 Sales, $75 ::- Google Dork -:: ~ inurl:"wp-content/plugins/screets-lcx" ::- PoC Links -:: ~ - ::- PoC [Stored XSS Injection] -:: ~ Go to the demo website https://screets.com/try/lcx/night-bird/ and open chat window by clicking on «Open/close» link, then click on «Online mode» to go online. Use your payload inside input field and press [Enter]. Provided exaple payloads working on the admin area, so it's possible to steal admin cookies or force a redirect to any other website. ~ Example #1: <!--<img src="--><img src=x onerror=(alert)(`m0ze`)//">m0ze ~ Example #2: <!--<img src="--><img src=x onerror=(alert)(document.cookie)//">m0ze

References:

https://codecanyon.net/item/wordpress-live-chat-plugin/3952877


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top