c5397147d9
7 changes to exploits/shellcodes Teleport v10.1.1 - Remote Code Execution (RCE) TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE) Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated) Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS) Aero CMS v0.0.1 - SQLi Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
24 lines
No EOL
1.2 KiB
Text
24 lines
No EOL
1.2 KiB
Text
# Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
|
|
# Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/
|
|
# Date: 2022-08-24
|
|
# Exploit Author: UnD3sc0n0c1d0
|
|
# Vendor Homepage: https://profiles.wordpress.org/3dady/
|
|
# Software Link: https://downloads.wordpress.org/plugin/3dady-real-time-web-stats.zip
|
|
# Category: Web Application
|
|
# Version: 1.0
|
|
# Tested on: Debian / WordPress 6.0.1
|
|
# CVE : N/A
|
|
|
|
# 1. Technical Description:
|
|
The 3dady real-time web stats WordPress plugin is vulnerable to stored XSS. Specifically in the dady_input_text
|
|
and dady2_input_text fields because the user's input is not properly sanitized which allows the insertion of
|
|
JavaScript code that can exploit the vulnerability.
|
|
|
|
# 2. Proof of Concept (PoC):
|
|
a. Install and activate version 1.0 of the plugin.
|
|
b. Go to the plugin options panel (http://[TARGET]/wp-admin/admin.php?page=3dady).
|
|
c. Insert the following payload in any of the visible fields (dady_input_text or dady2_input_text):
|
|
" autofocus onfocus=alert(/XSS/)>
|
|
d. Save the changes and immediately the popup window demonstrating the vulnerability (PoC) will be executed.
|
|
|
|
Note: This change will be permanent until you modify the edited fields. |