WordPress Videos Sync PDF 1.7.4 Cross Site Scripting

2022.04.24
Credit: UnD3sc0n0c1d0
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS) # Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ # Date: 2022-04-13 # Exploit Author: UnD3sc0n0c1d0 # Vendor Homepage: http://www.a-j-evolution.com/ # Software Link: https://downloads.wordpress.org/plugin/video-synchro-pdf.1.7.4.zip # Category: Web Application # Version: 1.7.4 # Tested on: CentOS / WordPress 5.9.3 # CVE : N/A # 1. Technical Description: The plugin does not properly sanitize the nom, pdf, mp4, webm and ogg parameters, allowing potentially dangerous characters to be inserted. This includes the reported payload, which triggers a persistent Cross-Site Scripting (XSS). # 2. Proof of Concept (PoC): a. Install and activate version 1.7.4 of the plugin. b. Go to the plugin options panel (http://[TARGET]/wp-admin/admin.php?page=aje_videosyncropdf_videos). c. Open the "Video example" or create a new one (whichever you prefer). d. Change or add in some of the displayed fields (Name, PDF file, MP4 video, WebM video or OGG video) the following payload: " autofocus onfocus=alert(/XSS/)>. e. Save the changes. "Edit" button. f. JavaScript will be executed and a popup with the text "XSS" will be displayed. Note: This change will be permanent until you modify the edited field.


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top