d3b7d652cc
5 changes to exploits/shellcodes PolicyKit-1 0.105-31 - Privilege Escalation Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated) WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection (Authenticated) WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection (Unauthenticated)
20 lines
No EOL
1.2 KiB
Text
20 lines
No EOL
1.2 KiB
Text
# Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
|
# Date: 25-10-2021
|
|
# Exploit Author: Ceylan Bozogullarindan
|
|
# Vendor Homepage: https://lenderd.com/
|
|
# Software Link: https://mortgagecalculatorsplugin.com/
|
|
# Version: 1.52
|
|
# Tested on: Linux
|
|
# CVE : CVE-2021-24904 (https://wpscan.com/vulnerability/7b80f89b-e724-41c5-aa03-21d1eef50f21)
|
|
|
|
|
|
# Description:
|
|
The plugin gives users real-time estimates by providing mortgage calculators. It does not implement any sanitisation on the color value of the background of a calculator in admin panel, which could lead to authenticated Stored Cross-Site Scripting issues. An attacker can execute malicious javascript codes for all visitors of a page containing the calculator.
|
|
|
|
|
|
# Steps To Reproduce:
|
|
1. Go to settings page available under the "Calculator" menu item.
|
|
2. Click the "Select Color" button and type the following payload the input space: `hacked</style></head><script>alert(1)</script>`
|
|
3. Click the "Save Changes" button to save settings.
|
|
4. Create a new page and add the shortcode ([mcwp type="cv"]) of the calculator, for testing.
|
|
5. Visit the page to trigger XSS. |