
Sassy Social Share <=3.3.3 - Cross-Site Scripting

By kannthu

Medium
Vidoc Module
#xss #wp #wpscan #wordpress #wp-plugin
Description

Sassy Social Share <=3.3.3 - Cross-Site Scripting

What is the "Sassy Social Share <=3.3.3 - Cross-Site Scripting" module?

The "Sassy Social Share <=3.3.3 - Cross-Site Scripting" module is designed to detect and report a medium severity cross-site scripting (XSS) vulnerability in the Sassy Social Share plugin for WordPress. This module targets version 3.3.3 and below of the plugin.

Sassy Social Share is a popular WordPress plugin that allows users to add social sharing buttons to their websites. However, versions 3.3.3 and below of the plugin are vulnerable to XSS attacks, which can allow attackers to inject malicious code into the website and potentially compromise user data.

The severity of this vulnerability is classified as medium, indicating that it has the potential to cause significant harm if exploited. Website owners using the affected version of the Sassy Social Share plugin should take immediate action to update to a secure version or find an alternative solution.

Impact

If exploited, this vulnerability can allow attackers to inject malicious code into the website, potentially compromising user data and performing unauthorized actions on behalf of the user. This can lead to various security risks, including data theft, defacement of the website, and the spread of malware to site visitors.

How does the module work?

The "Sassy Social Share <=3.3.3 - Cross-Site Scripting" module works by sending a specific HTTP request to the vulnerable plugin and analyzing the response. The module checks if the response contains specific patterns that indicate the presence of the XSS vulnerability.

For example, the module sends a GET request to the "/wp-admin/admin-ajax.php?action=heateor_sss_sharing_count&urls[%3Cimg%20src%3dx%20onerror%3dalert(document.domain)%3E]=" endpoint. It then checks that the response body contains all of the following words: "[{\"<img src=x onerror=alert(document.domain)>\":\"\"}]", "facebook", and "twitter". Additionally, it verifies that the response headers do not contain the word "application/json" and that the HTTP status code is 200. The header condition matters because a browser only renders the reflected markup when the response is not served as JSON.

If all the matching conditions are met, the module reports the presence of the XSS vulnerability, allowing website owners to take appropriate actions to mitigate the risk.
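The matching logic described above, applied offline to constructed responses. This is an added example, not Vidoc's own code: the `Response` type, the `evaluate` function and the sample responses are hypothetical, and comparing the header word case-insensitively is an assumption.

```python
from dataclasses import dataclass

# Matching conditions as listed in the module description above.
BODY_WORDS = ('[{"<img src=x onerror=alert(document.domain)>":""}]', "facebook", "twitter")
HEADER_NOT_WORD = "application/json"
EXPECTED_STATUS = 200


@dataclass
class Response:
    """Hypothetical stand-in for an HTTP response; not a Vidoc type."""
    status: int
    headers: dict
    body: str


def evaluate(resp: Response) -> dict:
    """Evaluate each condition separately, then AND them into the verdict."""
    # Assumption: the header word is compared case-insensitively.
    header_blob = "\n".join(f"{k}: {v}" for k, v in resp.headers.items()).lower()
    checks = {
        "body_words": all(word in resp.body for word in BODY_WORDS),
        "header_not_json": HEADER_NOT_WORD not in header_blob,
        "status_200": resp.status == EXPECTED_STATUS,
    }
    checks["match"] = all(checks.values())
    return checks


# Constructed sample responses (not captured from a real site).
KEY = BODY_WORDS[0]
RAW_BODY = '{"facebook":' + KEY + ',"twitter":' + KEY + '}'
ESCAPED_BODY = RAW_BODY.replace("<", "\\u003C").replace(">", "\\u003E")
HTML = {"Content-Type": "text/html; charset=UTF-8"}
JSON = {"Content-Type": "application/json; charset=UTF-8"}
SAMPLES = {
    "markup reflected, served as HTML": Response(200, HTML, RAW_BODY),
    "same body, served as JSON": Response(200, JSON, RAW_BODY),
    "angle brackets escaped": Response(200, HTML, ESCAPED_BODY),
    "request rejected": Response(403, HTML, "0"),
}

if __name__ == "__main__":
    for label, resp in SAMPLES.items():
        print(f"{label:34} {evaluate(resp)}")
```

Only the first sample satisfies all three conditions; the other three show which single condition stops a report when the response is served as JSON, when the key is escaped, or when the request is rejected.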

Note: It is crucial for website owners to promptly address this vulnerability by updating the Sassy Social Share plugin to a secure version or finding an alternative solution to ensure the protection of their website and user data.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-admin/admin-ajax...
Matching conditions
word: [{"<img src=x onerror=alert(document.dom... and
NOT word: application/json and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability