API tools faq
paste
Advertisement
ManhNho

CVE-2018-9172

ManhNho
Apr 12th, 2018
234
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.22 KB | None | 0 0
raw download clone embed print report
  1. # Exploit Title: WordPress Plugin WordPress File Upload 4.3.2 - Stored XSS
  2. # Date: 31/03/2018
  3. # Exploit Author: ManhNho
  4. # Vendor Homepage: https://www.iptanus.com/
  5. # Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip
  6. # Version: 4.3.2
  7. # Tested on: CentOS 6.5
  8. # CVE : CVE-2018-9172
  9. # Category : Webapps
  10.  
  11. 1. Description
  12. ===========
  13. WordPress File Upload is a WordPress plugin with more than 20.000 active
  14. installations.
  15. Version 4.3.2 (and possibly previous versions) are affected by a Stored XSS
  16. vulnerability in the admin panel ,related to the "Uploader Instances"
  17. functionality.
  18.  
  19. 2. Proof of Concept
  20. ===========
  21.  
  22. 1. Login to admin panel
  23. 2. Access to Wordpress File Upload Control Panel. In Uploader Instances
  24. function, choose and edit created Instance
  25. 3. In Plugin ID field, inject XSS pattern such as:
  26. <script>alert('ManhNho')</script> and click Update button
  27. 4. Access to Pages/Posts contain upload option, we got alert ManhNho
  28.  
  29. 3. References
  30. ===========
  31. https://www.iptanus.com/new-version-4-3-3-of-wordpress-file-upload-plugin/
  32. https://wordpress.org/plugins/wp-file-upload/#developers
  33. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9172
  34. https://www.exploit-db.com/exploits/44443/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!