c249d94cb7
28 changes to exploits/shellcodes gif2apng 1.9 - '.gif' Stack Buffer Overflow VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC) Kaspersky KSN for Linux 5.2 - Memory Corruption Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service Adobe Flash - Overflow when Playing Sound Adobe Flash - Overflow in Slab Rendering Adobe Flash - Info Leak in Image Inflation Adobe Flash - Out-of-Bounds Write in blur Filtering Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion R 3.4.4 - Local Buffer Overflow Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH) lastore-daemon D-Bus - Privilege Escalation (Metasploit) Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass) ASUS infosvr - Auth Bypass Command Execution (Metasploit) UK Cookie Consent - Persistent Cross-Site Scripting WUZHI CMS 4.1.0 - Cross-Site Request Forgery Open-AudIT 2.1 - CSV Macro Injection Monstra CMS 3.0.4 - Arbitrary Folder Deletion Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes) Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes) Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes) Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)
51 lines
No EOL
2.1 KiB
Text
51 lines
No EOL
2.1 KiB
Text
# Exploit Title: UK Cookie Consent v2.3.9 - Persistent Cross-Site Scripting
|
|
# Date: 2018-04-22
|
|
# Exploit Author: B0UG
|
|
# Vendor Homepage: https://catapultthemes.com/
|
|
# Software Link: https://en-gb.wordpress.org/plugins/uk-cookie-consent/#description
|
|
# Version: Tested on version 2.3.9 (older versions may also be affected)
|
|
# Tested on: WordPress
|
|
# Category : Webapps
|
|
# CVE: CVE-2018-10310
|
|
|
|
I. VULNERABILITY
|
|
-------------------------
|
|
Persistent Cross-Site Scripting
|
|
|
|
II. BACKGROUND
|
|
-------------------------
|
|
UK Cookie Consent is a WordPress plugin which has been designed to display cookie consent notifications on a WordPress website.
|
|
|
|
III. DESCRIPTION
|
|
-------------------------
|
|
A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser.
|
|
|
|
IV. PROOF OF CONCEPT
|
|
-------------------------
|
|
1) Access WordPress control panel.
|
|
2) Navigate to the 'Pages'.
|
|
3) Add a new page and insert the script you wish to inject into the page title.
|
|
4) Now navigate to 'Settings' and select 'Cookie Consent'.
|
|
5) Now click on the 'Content' tab.
|
|
6) Your injected script will now be executed.
|
|
|
|
V. IMPACT
|
|
-------------------------
|
|
An attacker can execute malicious code in a victim user's browser to perform various activities such as stealing cookies, session tokens, credentials and personal data amongst others.
|
|
|
|
VI. SYSTEMS AFFECTED
|
|
-------------------------
|
|
WordPress websites running "UK Cookie Consent" plugin version 2.3.9 (older versions may also be affected).
|
|
|
|
VII. REMEDIATION
|
|
-------------------------
|
|
Update to the latest version available. Implement a web application such as Wordfence.
|
|
|
|
VIII. DISCLOSURE TIMELINE
|
|
-------------------------
|
|
April 22, 2018 1: Vulnerability identified.
|
|
April 22, 2018 2: Informed developer of the vulnerability.
|
|
April 23, 2018 3: Developer acknowledged the vulnerability.
|
|
April 23, 2018 4: Developer issued a security patch.
|
|
|
|
Special thanks goes to the team at Catapult Themes for their fast response, great understanding and patching the issue. |