bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51507.txt
Exploit-DB ccfd0c515d DB: 2023-06-07 
3 changes to exploits/shellcodes/ghdb

Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)

Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)

GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)

Macro Expert 4.9 - Unquoted Service Path
2023-06-07 00:16:24 +00:00

34 lines
No EOL
2.2 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)
# Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/
# Date: 2023-04-24
# Exploit Author: LEE SE HYOUNG (hackintoanetwork)
# Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/
# Software Link: https://downloads.wordpress.org/plugin/cms-tree-page-view.1.6.6.zip
# Category: Web Application
# Version: 1.6.7
# Tested on: Debian / WordPress 6.1.1
# CVE : CVE-2023-30868
# Reference: https://patchstack.com/database/vulnerability/cms-tree-page-view/wordpress-cms-tree-page-view-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve
# 1. Technical Description:
The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7.
This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed.
# 2. Proof of Concept (PoC):
WordPress CMS Tree Page View Plugin <= 1.6.7 Cross-Site Scripting (XSS)
In the case of this vulnerability, there are two XSS PoCs available: one for version 1.6.6 and another for version 1.6.7.
1. CMS Tree Page View Plugin <= 1.6.6
a. Send the following URL to users with administrator privileges or higher: http://localhost:8888/wp-admin/edit.php?page=cms-tpv-page-post&post_type=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E.
b. your payload will be executed.[!] note : To make the payload work, the "In menu" option under Settings -> CMS Tree Page View -> Select where to show a tree for pages and custom post types needs to be enabled for posts.
2. CMS Tree Page View Plugin <= 1.6.7
a. Send the following URL to users with administrator privileges or higher: http://localhost:8888/wp-admin/edit.php?page=cms-tpv-page-post&post_type=%22+accesskey%3DC+onclick%3Djavascript%3Aalert%281%29%3B+a%3D%22.
b. Your payload will execute the script when the user presses Ctrl + Alt + c (Mac) or Alt + Shift + c (Windows).
[!] note : To make the payload work, the "In menu" option under Settings -> CMS Tree Page View -> Select where to show a tree for pages and custom post types needs to be enabled for posts.
Reference in a new issue View git blame Copy permalink