Advertisement
ManhNho

CVE-2018-9172

Apr 12th, 2018
247
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.22 KB | None | 0 0
  1. # Exploit Title: WordPress Plugin WordPress File Upload 4.3.2 - Stored XSS
  2. # Date: 31/03/2018
  3. # Exploit Author: ManhNho
  4. # Vendor Homepage: https://www.iptanus.com/
  5. # Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip
  6. # Version: 4.3.2
  7. # Tested on: CentOS 6.5
  8. # CVE : CVE-2018-9172
  9. # Category : Webapps
  10.  
  11. 1. Description
  12. ===========
  13. WordPress File Upload is a WordPress plugin with more than 20.000 active
  14. installations.
  15. Version 4.3.2 (and possibly previous versions) are affected by a Stored XSS
  16. vulnerability in the admin panel ,related to the "Uploader Instances"
  17. functionality.
  18.  
  19. 2. Proof of Concept
  20. ===========
  21.  
  22. 1. Login to admin panel
  23. 2. Access to Wordpress File Upload Control Panel. In Uploader Instances
  24. function, choose and edit created Instance
  25. 3. In Plugin ID field, inject XSS pattern such as:
  26. <script>alert('ManhNho')</script> and click Update button
  27. 4. Access to Pages/Posts contain upload option, we got alert ManhNho
  28.  
  29. 3. References
  30. ===========
  31. https://www.iptanus.com/new-version-4-3-3-of-wordpress-file-upload-plugin/
  32. https://wordpress.org/plugins/wp-file-upload/#developers
  33. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9172
  34. https://www.exploit-db.com/exploits/44443/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement