d2b0bf596b
10 changes to exploits/shellcodes Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF) FatPipe Networks WARP 10.2.2 - Authorization Bypass FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download (Unauthenticated) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated) WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting (XSS) WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting (XSS) WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)
21 lines
No EOL
1 KiB
Text
21 lines
No EOL
1 KiB
Text
# Exploit Title: WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
|
# Date: 06-08-2021
|
|
# Exploit Author: Nosa Shandy (Apapedulimu)
|
|
# Vendor Homepage: https://translatepress.com/
|
|
# Software Link: https://wordpress.org/plugins/translatepress-multilingual/
|
|
# Reference: https://wpscan.com/vulnerability/b87fcc2f-c2eb-4e23-9757-d1c590f26d3f
|
|
# Version: 2.0.6
|
|
# Tested on: macOS 11.4
|
|
# CVE : CVE-2021-24610
|
|
|
|
Description:
|
|
The plugin does not implement a proper filter on the 'translated' parameter when input to the database. The 'trp_sanitize_string' function only check the "<script></script>" with the preg_replace, the attacker can use the HTML Tag to execute javascript.
|
|
|
|
Step To Reproduce:
|
|
1. Go to http://localhost:8888/wordpress/?trp-edit-translation=true
|
|
2. Input Gettext String
|
|
3. Input the payload such as <img src=x onerror=alert(4)>
|
|
4. Save, The payload will be executed.
|
|
5. Look on the homepage will be affected.
|
|
|
|
Video : https://drive.google.com/file/d/1PnvjHuKCvjmom6xz_sxNLBu3jixCiHy_/view?usp=sharing |