WordPress 5.3 XSS

2019.12.06
by Unkn0wn (DE)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

---------------------------------------------------------
# Exploit Title: Wordpress 5.3 - Cross-Site Scripting
# Google Dork: N/A
# Date: 2019-12-05
# Exploit Author: Unkn0wn (0x9a@tuta.io)
# Vendor Homepage: https://wordpress.com
# Software Link: https://wordpress.org/wordpress-5.3.zip
# Version: 5.3
# Tested on: Ubuntu & XAMPP
# CVE : N/A
---------------------------------------------------------

Description:
This vulnerability (XSS) occurs in the WordPress post title. You can trigger it with an XSS payload in the title when you send a new post! Now let's explain how it happens.

PoC "XSS" wp_using_themes():

First, in the "template-loader.php" file, at lines 85-86, we can see the following code:

*
if ( ! $template ) {
    $template = get_index_template();
*

And finally the theme returns for us (lines 96-105):

*
This code invokes the index page of the theme, for example Twenty Twenty.
*

Now we look at "index.php" of the Twenty Twenty theme, lines 62-64, where wp_kses_post is used:

*
<?php if ( $archive_title ) { ?>
    <h1 class="archive-title"><?php echo wp_kses_post( $archive_title ); ?></h1>
<?php } ?>
*

This returns our XSS payload in the title on the site's index page! This is hidden.

Demo:
https://cdn1.imggmi.com/uploads/2019/12/3/e56e3cf112bb2cf78e78075120e14ea1-full.png
https://cdn1.imggmi.com/uploads/2019/12/3/4f952dda2f01edc88460b93473a32ba7-full.png

----------------------------------------------------------
# We Are : AloneGhost - VeNoM - Agent Haze - Old_One - Unkn0wn
# https://Github.com/0x9a
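The theme line quoted above echoes the archive title through wp_kses_post(), an allowlist-based sanitiser that deliberately lets some HTML survive, whereas an escaping function treats the whole title as text. The following is an added example written for this page, not WordPress's code and not the advisory author's: a small Python model of the two output strategies (a kses-style allowlist sanitiser and an esc_html-style escaper), the `<h1 class="archive-title">` wrapper from the theme, and a review check that flags stored titles containing any tag syntax. ALLOWED_TAGS, SAFE_URL_SCHEMES and the sample titles are constructed for the example and are far smaller than WordPress's real wp_kses lists; the theme behaviour is modelled, not reproduced.

```python
"""Model of the archive-title output path described in the advisory.

Added example, not WordPress code: a kses-style allowlist sanitiser, an
esc_html-style escaper, the theme's <h1> wrapper, and a content-review
check for titles that contain markup.  The allowlist below is constructed
for the example and is much smaller than WordPress's real wp_kses lists.
"""
import html
import re
from html.parser import HTMLParser

# Constructed allowlist: tag -> attribute names that may survive on it.
ALLOWED_TAGS = {
    "a": {"href", "title"},
    "b": set(),
    "strong": set(),
    "i": set(),
    "em": set(),
}
# An href must start with one of these, so "javascript:" URLs are dropped.
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:", "/")


class AllowlistSanitizer(HTMLParser):
    """Keeps allowlisted tags/attributes; drops other tags, escapes text."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # disallowed tag is dropped; its text content is kept
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_TAGS[tag]:
                continue  # this is what removes on* event handlers
            if name == "href" and not value.lower().startswith(SAFE_URL_SCHEMES):
                continue  # unsafe URL scheme: drop the attribute
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

    def handle_entityref(self, name):
        self.out.append(f"&{name};")  # pass existing entities through

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def sanitize_allowlist(title):
    """kses-style output: allowlisted markup survives, the rest does not."""
    parser = AllowlistSanitizer()
    parser.feed(title)
    parser.close()
    return "".join(parser.out)


def escape_title(title):
    """esc_html-style output: no markup survives; the browser shows text."""
    return html.escape(title, quote=True)


def render_archive_title(title, sanitizer=escape_title):
    """Models the <h1 class="archive-title"> line quoted in the advisory."""
    return f'<h1 class="archive-title">{sanitizer(title)}</h1>'


# Any "<" directly followed by a tag name (or "</", "<!") counts as markup.
MARKUP_RE = re.compile(r"</?[a-zA-Z!]")


def titles_with_markup(titles):
    """Content-review check: stored titles containing HTML tag syntax."""
    return [t for t in titles if MARKUP_RE.search(t)]


if __name__ == "__main__":
    # Constructed sample titles, not data taken from the advisory.
    samples = [
        "Quarterly report",
        "<b>Bold</b> & <i>italic</i>",
        '<a href="javascript:alert(1)" onclick="x()">Link</a>',
        "<script>alert(1)</script>Archive",
        "<img src=x onerror=alert(1)>",
    ]
    for t in samples:
        print("allowlist:", render_archive_title(t, sanitize_allowlist))
        print("escaped:  ", render_archive_title(t))
    print("needs review:", titles_with_markup(samples))
```

Running the block side by side shows the design difference the advisory turns on: the allowlist path keeps `<b>` and safe links in a title, while the escaping path never emits a tag at all. For a field like a post title, where no markup is expected, escaping on output (and the review check over stored titles) is the simpler guarantee.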


Copyright 2020, cxsecurity.com
