Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- WordPress Netroics Blog Posts Grid 1.0 Cross Site Scripting[6]
- Authored by yunaranyancat[7], syad[8], saitamang[9]
-
WordPress Netroics Blog Posts Grid plugin version 1.0 suffers from a persistent cross site scripting vulnerability.
- SHA-256 |
b3d405cb85b13bbc7ce012fa78fbea1849c6e806e527e6bdfbb12ec9bd1eb61e - Download[10] | Favorite[11] | View[12]
Change Mirror[13] Download[14]
# Exploit Title: Stored XSS in post_title parameter in WordPress Plugin "Netroics Blog Posts Grid" v1.0
# Date: 08/08/2022
# Exploit Author: saitamang, syad, yunaranyancat
# Vendor Homepage: wordpress.org
# Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip
# Version: 1.0
# Tested on: Centos 7 apache2 + MySQL
WordPress Plugin "Netroics Blog Posts Grid" is prone to a stored cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress Plugin "Netroics Blog Posts Grid" version 1.0 is vulnerable; prior versions may also be affected.
Login as Editor > Add testimonial > Under Title inject payload below ; parameter (post_title parameter) > Save Draft > Preview the post
payload --> user s1"><img src=x onerror=alert(document.cookie)>.gif
The draft post can be viewed using other Editor or Admin account and Stored XSS will be triggered.
Further information can be preview from github below:
https://github.com/saitamang/POC-DUMP/blob/main/wordpress/Netroics%20Blog%20Posts%20Grid%20v1.0%20Stored%20XSS.md
Subscribe to an RSS
FeedFile Tags
- ActiveX[19] (932)
- Advisory[20] (78,100)
- Arbitrary[21] (15,229)
- BBS[22] (2,859)
- Bypass[23] (1,577)
- CGI[24] (1,013)
- Code Execution[25] (6,738)
- Conference[26] (671)
- Cracker[27] (799)
- CSRF[28] (3,274)
- DoS[29] (21,985)
- Encryption[30] (2,338)
- Exploit[31] (50,027)
- File Inclusion[32] (4,153)
- File Upload[33] (945)
- Firewall[34] (821)
- Info Disclosure[35] (2,559)
- Intrusion Detection[36] (859)
- Java[37] (2,822)
- JavaScript[38] (802)
- Kernel[39] (6,124)
- Local[40] (14,063)
- Magazine[41] (586)
- Overflow[42] (12,241)
- Perl[43] (1,413)
- PHP[44] (5,056)
- Proof of Concept[45] (2,283)
- Protocol[46] (3,334)
- Python[47] (1,404)
- Remote[48] (29,811)
- Root[49] (3,460)
- Ruby[50] (578)
- Scanner[51] (1,630)
- Security Tool[52] (7,726)
- Shell[53] (3,070)
- Shellcode[54] (1,203)
- Sniffer[55] (882)
- Spoof[56] (2,116)
- SQL Injection[57] (16,048)
- TCP[58] (2,367)
- Trojan[59] (676)
- UDP[60] (870)
- Virus[61] (660)
- Vulnerability[62] (30,605)
- Web[63] (9,088)
- Whitepaper[64] (3,723)
- x86[65] (943)
- XSS[66] (17,373)
- Other[67]
File Archives
- September 2022[68]
- August 2022[69]
- July 2022[70]
- June 2022[71]
- May 2022[72]
- April 2022[73]
- March 2022[74]
- February 2022[75]
- January 2022[76]
- December 2021[77]
- November 2021[78]
- October 2021[79]
- Older[80]
Systems
- AIX[81] (426)
- Apple[82] (1,894)
- BSD[83] (369)
- CentOS[84] (55)
- Cisco[85] (1,913)
- Debian[86] (5,948)
- Fedora[87] (1,690)
- FreeBSD[88] (1,242)
- Gentoo[89] (4,192)
- HPUX[90] (878)
- iOS[91] (321)
- iPhone[92] (108)
- IRIX[93] (220)
- Juniper[94] (67)
- Linux[95] (42,749)
- Mac OS X[96] (684)
- Mandriva[97] (3,105)
- NetBSD[98] (255)
- OpenBSD[99] (478)
- RedHat[100] (11,910)
- Slackware[101] (941)
- Solaris[102] (1,607)
- SUSE[103] (1,444)
- Ubuntu[104] (7,973)
- UNIX[105] (9,105)
- UnixWare[106] (185)
- Windows[107] (6,447)
- Other[108]
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
