WordPress Plugin 3dady real-time web stats 1.0 – Stored Cross Site Scripting (XSS)

• Exploit Database
• 21 阅读

• 作者： UnD3sc0n0c1d0
  日期： 2022-09-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51021/

• # Exploit Title: WordPress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
  # Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/
  # Date: 2022-08-24
  # Exploit Author: UnD3sc0n0c1d0
  # Vendor Homepage: https://profiles.wordpress.org/3dady/
  # Software Link: https://downloads.wordpress.org/plugin/3dady-real-time-web-stats.zip
  # Category: Web Application
  # Version: 1.0
  # Tested on: Debian / WordPress 6.0.1
  # CVE : N/A
  
  # 1. Technical Description:
  The 3dady real-time web stats WordPress plugin is vulnerable to stored XSS. Specifically in the dady_input_text 
  and dady2_input_text fields because the user's input is not properly sanitized which allows the insertion of 
  JavaScript code that can exploit the vulnerability.
  
  # 2. Proof of Concept (PoC):
  a. Install and activate version 1.0 of the plugin.
  b. Go to the plugin options panel (http://[TARGET]/wp-admin/admin.php?page=3dady).
  c. Insert the following payload in any of the visible fields (dady_input_text or dady2_input_text):
  		" autofocus onfocus=alert(/XSS/)>
  d. Save the changes and immediately the popup window demonstrating the vulnerability (PoC) will be executed.
  
  Note: This change will be permanent until you modify the edited fields.