
WordPress Manage Calameo Publications 1.1.0 - Cross-Site Scripting

By kannthu

Severity: Medium

Vidoc Module

Tags: #wordpress #wp-plugin #xss #wp #wpscan
Description

What is "WordPress Manage Calameo Publications 1.1.0 - Cross-Site Scripting?"

The "WordPress Manage Calameo Publications 1.1.0 - Cross-Site Scripting" module is designed to detect a vulnerability in the WordPress plugin "Manage Calameo Publications." Version 1.1.0 of this plugin is susceptible to reflected cross-site scripting (XSS) via the "attachment_id" parameter of the "thickbox_content.php" file. The severity of this vulnerability is classified as medium, with a CVSS score of 5.4.

This module was authored by DhiyaneshDK.

Impact

If exploited, this vulnerability could allow an attacker to inject malicious scripts into the affected WordPress website. This can lead to various consequences, such as unauthorized access, data theft, or the manipulation of website content.

How does the module work?

The module performs a specific test case to identify if the WordPress plugin "Manage Calameo Publications" version 1.1.0 is vulnerable to the reflected XSS attack. It does this by sending an HTTP GET request to the following path:

/wp-content/plugins/athlon-manage-calameo-publications/thickbox_content.php?attachment_id=id%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E%26

The module then applies several matching conditions to determine if the vulnerability is present:

- The response body must contain the string "ath_upload_calameo_publication(id\">&)"
- The response header must include the string "text/html"
- The HTTP status code must be 200

If all of these conditions are met, the module will report the vulnerability.
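The following is an added example, not the module's own code, showing how the three conditions combine (AND semantics) and why they distinguish a page that reflects the parameter verbatim from one that HTML-encodes it. The plugin output is a constructed stand-in, and building the body-match word from the decoded parameter assumes the backslash shown in the preview is YAML escaping; nothing here contacts a server.

```python
import html
from urllib.parse import urlsplit, unquote

# Probe path exactly as listed in the module description.
PROBE_PATH = ("/wp-content/plugins/athlon-manage-calameo-publications/thickbox_content.php"
              "?attachment_id=id%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E%26")


def probe_param_value(path: str) -> str:
    """Return the percent-decoded attachment_id value carried by the probe path.
    Decoded by hand because parse_qs would split on the trailing '&'."""
    raw = urlsplit(path).query.split("attachment_id=", 1)[1]
    return unquote(raw)


# Matcher words from the module (assumption: the literal body word is the decoded
# parameter wrapped in the JS call, as the truncated preview suggests).
BODY_WORD = "ath_upload_calameo_publication(" + probe_param_value(PROBE_PATH) + ")"
HEADER_WORD = "text/html"
EXPECTED_STATUS = 200


def module_matches(status: int, headers: dict, body: str) -> bool:
    """Apply the module's three conditions; every one must hold for a report."""
    content_type = headers.get("Content-Type", "")
    return status == EXPECTED_STATUS and HEADER_WORD in content_type and BODY_WORD in body


def render_thickbox(attachment_id: str, escape: bool) -> str:
    """Constructed stand-in for the plugin's output: an onclick handler that embeds
    attachment_id. escape=False reflects it verbatim (the reported behaviour);
    escape=True HTML-encodes it first (a typical fix)."""
    value = html.escape(attachment_id, quote=True) if escape else attachment_id
    return f'<html><body><a href="#" onclick="ath_upload_calameo_publication({value})">open</a></body></html>'


def simulate(escape: bool, content_type: str = "text/html; charset=UTF-8") -> bool:
    """Run the matcher against a constructed 200 response for the probe value."""
    body = render_thickbox(probe_param_value(PROBE_PATH), escape)
    return module_matches(200, {"Content-Type": content_type}, body)


if __name__ == "__main__":
    print("verbatim reflection matches:", simulate(escape=False))   # True
    print("HTML-encoded output matches:", simulate(escape=True))    # False
    print("non-HTML content type matches:", simulate(escape=False, content_type="application/json"))  # False
```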

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /wp-content/plugins/...

Matching conditions (all must hold):
- word: ath_upload_calameo_publication(id\"><scr...
- word: text/html
- status: 200

Passive global matcher: no matching conditions.

On match action: Report vulnerability