WordPress Plugin Mortgage Calculators WP 1.52 – Stored Cross-Site Scripting (XSS) (Authenticated)

• Exploit Database
• 20 阅读

• 作者： Ceylan BOZOĞULLARINDAN
  日期： 2022-01-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50685/

• # Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)
  # Date: 25-10-2021
  # Exploit Author: Ceylan Bozogullarindan
  # Vendor Homepage: https://lenderd.com/
  # Software Link: https://mortgagecalculatorsplugin.com/
  # Version: 1.52
  # Tested on: Linux
  # CVE : CVE-2021-24904 (https://wpscan.com/vulnerability/7b80f89b-e724-41c5-aa03-21d1eef50f21)
  
  
  # Description:
  The plugin gives users real-time estimates by providing mortgage calculators. It does not implement any sanitisation on the color value of the background of a calculator in admin panel, which could lead to authenticated Stored Cross-Site Scripting issues. An attacker can execute malicious javascript codes for all visitors of a page containing the calculator.
  
  
  # Steps To Reproduce:
  1. Go to settings page available under the "Calculator" menu item.
  2. Click the "Select Color" button and type the following payload the input space: `hacked</style></head><script>alert(1)</script>`
  3. Click the "Save Changes" button to save settings.
  4. Create a new page and add the shortcode ([mcwp type="cv"]) of the calculator, for testing.
  5. Visit the page to trigger XSS.