WordPress Plugin Videos sync PDF 1.7.4 – Stored Cross Site Scripting (XSS)

• Exploit Database
• 15 阅读

• 作者： UnD3sc0n0c1d0
  日期： 2022-04-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50874/

• # Exploit Title: WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS)
  # Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/
  # Date: 2022-04-13
  # Exploit Author: UnD3sc0n0c1d0
  # Vendor Homepage: http://www.a-j-evolution.com/
  # Software Link: https://downloads.wordpress.org/plugin/video-synchro-pdf.1.7.4.zip
  # Category: Web Application
  # Version: 1.7.4
  # Tested on: CentOS / WordPress 5.9.3
  # CVE : N/A
  
  # 1. Technical Description:
  The plugin does not properly sanitize the nom, pdf, mp4, webm and ogg parameters, allowing 
  potentially dangerous characters to be inserted. This includes the reported payload, which 
  triggers a persistent Cross-Site Scripting (XSS).
  
  # 2. Proof of Concept (PoC):
   a. Install and activate version 1.7.4 of the plugin.
   b. Go to the plugin options panel (http://[TARGET]/wp-admin/admin.php?page=aje_videosyncropdf_videos).
   c. Open the "Video example" or create a new one (whichever you prefer).
   d. Change or add in some of the displayed fields (Name, PDF file, MP4 video, WebM video or OGG video) 
  	the following payload:
  		" autofocus onfocus=alert(/XSS/)>.
   e. Save the changes. "Edit" button.
   f. JavaScript will be executed and a popup with the text "XSS" will be displayed.
  
  Note: This change will be permanent until you modify the edited field.