bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50874.txt
Offensive Security 093714dc70 DB: 2022-04-20 
21 changes to exploits/shellcodes

Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path
Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path
7-zip - Code Execution / Local Privilege Escalation
PTPublisher v2.3.4 - Unquoted Service Path
EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path
Zyxel NWA-1100-NH - Command Injection
ManageEngine ADSelfService Plus 6.1 - User Enumeration
Verizon 4G LTE Network Extender - Weak Credentials Algorithm
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Request Forgery (CSRF)
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)
Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure

Scriptcase 9.7 - Remote Code Execution (RCE)
WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - SQL Injection
Easy Appointments 1.4.2 - Information Disclosure
WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS)
WordPress Plugin Popup Maker 1.16.5 - Stored Cross-Site Scripting (Authenticated)
REDCap 11.3.9 - Stored Cross Site Scripting
PKP Open Journals System 3.3 - Cross-Site Scripting (XSS)
WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)
Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF)
2022-04-20 05:01:45 +00:00

27 lines
No EOL
1.3 KiB
Text
Raw Blame History

# Exploit Title: WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS)
# Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/
# Date: 2022-04-13
# Exploit Author: UnD3sc0n0c1d0
# Vendor Homepage: http://www.a-j-evolution.com/
# Software Link: https://downloads.wordpress.org/plugin/video-synchro-pdf.1.7.4.zip
# Category: Web Application
# Version: 1.7.4
# Tested on: CentOS / WordPress 5.9.3
# CVE : N/A
# 1. Technical Description:
The plugin does not properly sanitize the nom, pdf, mp4, webm and ogg parameters, allowing
potentially dangerous characters to be inserted. This includes the reported payload, which
triggers a persistent Cross-Site Scripting (XSS).
# 2. Proof of Concept (PoC):
a. Install and activate version 1.7.4 of the plugin.
b. Go to the plugin options panel (http://[TARGET]/wp-admin/admin.php?page=aje_videosyncropdf_videos).
c. Open the "Video example" or create a new one (whichever you prefer).
d. Change or add in some of the displayed fields (Name, PDF file, MP4 video, WebM video or OGG video)
the following payload:
" autofocus onfocus=alert(/XSS/)>.
e. Save the changes. "Edit" button.
f. JavaScript will be executed and a popup with the text "XSS" will be displayed.
Note: This change will be permanent until you modify the edited field.
Reference in a new issue View git blame Copy permalink