Advanced Page Visit Counter 1.0 – Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)

• Exploit Database
• 17 阅读

• 作者： Furkan ÖZER
  日期： 2024-02-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51785/

• # Exploit Title: Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site
  Scripting (XSS) (Authenticated)
  # Date: 11.10.2023
  # Exploit Author: Furkan ÖZER
  # Software Link: https://wordpress.org/plugins/advanced-page-visit-counter/
  # Version: 8.0.5
  # Tested on: Kali-Linux,Windows10,Windows 11
  # CVE: N/A
  
  
  # Description:
  Advanced Page Visit Counter is a remarkable Google Analytics alternative
  specifically designed for WordPress websites, and it has quickly become a
  must-have plugin for website owners and administrators seeking powerful
  tracking and analytical capabilities. With the recent addition of Enhanced
  eCommerce Tracking for WooCommerce, this plugin has become even more
  indispensable for online store owners.
  
  Homepage | Support | Premium Version
  
  If you’re in search of a GDPR-friendly website analytics plugin exclusively
  designed for WordPress, look no further than Advanced Page Visit Counter.
  This exceptional plugin offers a compelling alternative to Google Analytics
  and is definitely worth a try for those seeking enhanced data privacy
  compliance.
  
  This is a free plugin and doesn’t require you to create an account on
  another site. All features outlined below are included in the free plugin.
  
  Description of the owner of the plugin Stored Cross-Site Scripting attack
  against the administrators or the other authenticated users.
  
  The plugin does not sanitise and escape some of its settings, which could
  allow high privilege users such as admin to perform Stored Cross-Site
  Scripting attacks even when the unfiltered_html capability is disallowed
  (for example in multisite setup)
  
  The details of the discovery are given below.
  
  # Steps To Reproduce:
  1. Install and activate the Advanced Page Visit Counter plugin.
  2. Visit the "Settings" interface available in settings page of the plugin
  that is named "Widget Settings"
  3. In the plugin's "Today's Count Label" setting field, enter the payload
  Payload: " "type=image src=1 onerror=alert(document.cookie)> "
  6. Click the "Save Changes" button.
  7. The XSS will be triggered on the settings page when every visit of an
  authenticated user.
  
  
  # Video Link
  https://youtu.be/zcfciGZLriM