Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Analytify <4.2.1 - Cross-Site Scripting

By kannthu

Medium
Vidoc logoVidoc Module
#wp#wordpress#analytify#wpscan#wp-plugin
Description

What is "Analytify <4.2.1 - Cross-Site Scripting?"

The "Analytify <4.2.1 - Cross-Site Scripting" module is designed to detect a specific vulnerability in the WordPress Analytify plugin version 4.2.1 or lower. This vulnerability, classified as CWE-80, has a medium severity level with a CVSS score of 5.4. The module was authored by Akincibor.

Impact

This vulnerability in WordPress Analytify 4.2.1 allows for a reflected cross-site scripting (XSS) attack. When the 404 tracking feature is enabled, the plugin does not properly escape the current URL before outputting it on a 404 page. This can potentially allow an attacker to inject malicious scripts into the page, leading to various security risks.

How the module works?

The module works by sending an HTTP GET request to the path "/aa404bb?a</script><script>alert(/XSS/)</script>". It then applies several matching conditions to determine if the vulnerability exists:

- The response body must contain the words "text/javascript\">alert(/XSS/)</script>" and "wp-analytify". - The response header must contain the word "text/html". - The HTTP status code must be 404.

If all of these conditions are met, the module reports the vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/aa404bb?a</script><...
Matching conditions
word: text/javascript">alert(/XSS/)</script>, ...and
word: text/htmland
status: 404
Passive global matcher
No matching conditions.
On match action
Report vulnerability