c385c8068c
6 changes to exploits/shellcodes WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated) WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS) Dolibarr ERP/CRM 10.0.6 - Login Brute Force PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
17 lines
No EOL
849 B
Text
17 lines
No EOL
849 B
Text
# Exploit Title: WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS)
|
|
# Date: 18/07/2021
|
|
# Exploit Author: Vikas Srivastava
|
|
# Vendor Homepage:
|
|
# Software Link: https://wordpress.org/plugins/mimetic-books/
|
|
# Version: 0.2.13
|
|
# Category: Web Application
|
|
# Tested on Mac
|
|
|
|
How to Reproduce this Vulnerability:
|
|
|
|
1. Install WordPress 5.7.2
|
|
2. Install and activate Mimetic Books
|
|
3. Navigate to Settings >> Mimetic Books API and enter the XSS payload into the Default Publisher ID input field.
|
|
4. Click Save Changes.
|
|
5. You will observe that the payload successfully got stored into the database and when you are triggering the same functionality at that time JavaScript payload is executing successfully and we are getting a pop-up.
|
|
6. Payload Used: "><script>alert(document.cookie)</script> |