WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 – Persistent Cross-Site Scripting

• Exploit Database
• 124 阅读

• 作者： Shahab.ra.9
  日期： 2020-02-17
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/48088/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

  # Exploit Title: WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting # Date: 2020-02-15 # Exploit Author: Shahab.ra.9 # Vendor Homepage: https://products-filter.com/ # Software Link: https://wordpress.org/plugins/woocommerce-products-filter/ # Version: 1.2.3 # Tested on: windows 10 # WOOF - Products Filter for WooCommerce   Exploit: http://target/wp-admin/admin.php?page=wc-settings&tab=woof   now in tab "design" -> then enter (xss code) in the (textfields) front side ->(Text for block toggle ,Text for block toggle , Custom front css styles file link). then click on button "save changes". then refresh page ,now you see the execution of xss code ,then refersh frontend page site -> "http://target/shop/ " or frontend pages used this plugin the execution of xss code.   Demo Poc:   http://target/wp-admin/admin.php?page=wc-settings&tab=woof   now in tab "design" -> then enter ( ";</script><img src=1 onerror="alert(<code>xss store bug -> shahab.ra.9</code>);"><script>var1="1 ) in the (textfields) front side ->(Text for block toggle ,Text for block toggle and Custom front css styles file link). then click on button "save changes".