WordPress Blogroll Fun-Show Last Post and Last Update Time 0.8.4 - Cross-Site Scripting

By kannthu

Severity: High
Vidoc Module
#wordpress #wp-plugin #xss #unauth #wp
Description

What is the "WordPress Blogroll Fun-Show Last Post and Last Update Time 0.8.4 - Cross-Site Scripting" module?

The "WordPress Blogroll Fun-Show Last Post and Last Update Time 0.8.4 - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the WordPress plugin Blogroll Fun-Show Last Post and Last Update Time. This vulnerability affects version 0.8.4 and possibly prior versions of the plugin. The module was created by DhiyaneshDK and has a severity rating of high.

Impact

A cross-site scripting vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. In the case of this module, an attacker could exploit the vulnerability in the Blogroll Fun-Show Last Post and Last Update Time plugin to execute arbitrary scripts in the browsers of users of the affected WordPress site. This could lead to various consequences, such as stealing sensitive information, manipulating website content, or performing unauthorized actions on behalf of the user.

How does the module work?

The module works by sending a specific HTTP request to the vulnerable WordPress site. The request is targeted at the "/wp-content/plugins/blogroll-fun/blogroll.php" path and includes a parameter "k" with a malicious script payload. The module then checks the response from the server against several matching conditions to determine if the vulnerability is present.

Here is an example of the HTTP request sent by the module:

GET /wp-content/plugins/blogroll-fun/blogroll.php?k=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

The module's matching conditions include:

- The response body must contain the string "Got: <script>alert(document.domain)</script><br>"
- The response header must include the string "text/html"
- The HTTP status code must be 200

If all the matching conditions are met, the module reports the vulnerability.
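
For the site owner's side of this check, the added example below (not part of the Vidoc module or the original page) scans web server access logs for requests to the plugin path that carry HTML markup in the "k" parameter. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path requested by the module, as given on this page.
PLUGIN_PATH = "/wp-content/plugins/blogroll-fun/blogroll.php"
# Assumption: access log in Apache/nginx "combined" format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Characters that only matter when "k" is echoed into HTML unescaped.
MARKUP_RE = re.compile(r"[<>\"']")

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_probes(lines):
    """Return (client, status, decoded k) for requests carrying markup in k."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path.lower() != PLUGIN_PATH:
            continue
        # parse_qs decodes once; decode_fully catches double-encoded values.
        for k in parse_qs(url.query, keep_blank_values=True).get("k", []):
            k = decode_fully(k)
            if MARKUP_RE.search(k):
                hits.append((client, int(status), k))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET ' + PLUGIN_PATH
    + '?k=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1" 200 61 "-" "-"',
    '198.51.100.9 - - [10/Jan/2024:10:02:13 +0000] "GET ' + PLUGIN_PATH
    + '?k=%253Cb%253E HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.4 - - [10/Jan/2024:10:05:40 +0000] "GET ' + PLUGIN_PATH
    + '?k=news HTTP/1.1" 200 20 "-" "-"',
    '192.0.2.4 - - [10/Jan/2024:10:06:02 +0000] "GET /index.php?k=%3Cb%3E HTTP/1.1" 200 9 "-" "-"',
]

if __name__ == "__main__":
    print(find_probes(SAMPLE))
```

A hit logged with status 200 means the plugin file exists and handled the request, so that host is the one to check for plugin version 0.8.4 or earlier.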

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/plugins/...
Matching conditions
word: Got: <script>alert(document.domain)</scr... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability