
WordPress NextGEN Gallery 1.9.10 - Cross-Site Scripting

By kannthu

High
Vidoc Module
Tags: #wp-plugin #edb #wordpress #xss
Description

What is the "WordPress NextGEN Gallery 1.9.10 - Cross-Site Scripting" module?

The "WordPress NextGEN Gallery 1.9.10 - Cross-Site Scripting" module is designed to detect a specific vulnerability in the WordPress NextGEN Gallery plugin version 1.9.10. This vulnerability allows for cross-site scripting (XSS) attacks, which can be highly damaging to a website's security.

The severity of this vulnerability is classified as high, indicating the potential for significant harm if exploited. The module was authored by daffainfo.

Impact

If successfully exploited, this vulnerability allows an attacker to execute arbitrary scripts in the browser of an unsuspecting user. This can lead to various malicious activities, such as stealing sensitive information, manipulating website content, or redirecting users to malicious websites.

How does the module work?

The module works by sending a specific HTTP request to the vulnerable WordPress NextGEN Gallery plugin. It then applies a set of matching conditions to determine if the vulnerability is present.

One example of an HTTP request used by the module is:

/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=</script><script>alert(document.domain)</script>

The module's matching conditions include:

- The presence of the specific XSS payload in the response body: </script><script>alert(document.domain)</script>
- The response header containing the content type "text/html"
- The HTTP response status code being 200 (indicating a successful request)

If all of these conditions are met, the module identifies the presence of the vulnerability.
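The following is an added illustration of the matching logic described above, written for this page rather than taken from Vidoc or from the module itself. It parses a raw HTTP response, applies the three conditions with AND semantics, and contrasts two constructed responses: one that reflects the `test-head` parameter unencoded (the behaviour the module reports) and one where the value is encoded for the script context before reflection. The reflection context, the response bodies and the encoding routine are assumptions made for the example; the page does not show the plugin's real output.

```python
"""Added example (not Vidoc's code): replay the module's matching conditions
against captured HTTP responses and show why output encoding defeats the match."""
import json

# Payload and request path exactly as quoted on the page.
PAYLOAD = "</script><script>alert(document.domain)</script>"
REQUEST_PATH = "/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=" + PAYLOAD


def parse_http_response(raw: str):
    """Split a raw HTTP/1.1 response into (status_code, headers, body).

    Header names are lower-cased so the content-type check is case-insensitive,
    as header names are in HTTP.
    """
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def module_matches(status: int, headers: dict, body: str) -> bool:
    """The three conditions from the module, joined with AND:
    payload reflected verbatim, text/html content type, HTTP 200."""
    content_type = headers.get("content-type", "")
    return PAYLOAD in body and "text/html" in content_type and status == 200


def check_raw_response(raw: str) -> bool:
    """Convenience wrapper: parse then match, returning True when the module would report."""
    return module_matches(*parse_http_response(raw))


# --- Constructed stand-ins for the plugin's page (assumption: the parameter is
# --- reflected inside a <script> block; the real markup is not on the page).

def encode_for_script(value: str) -> str:
    """Hardened form (assumed fix): JSON-encode the value and escape angle brackets
    so a reflected string can never close the enclosing <script> element."""
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


def build_response(status: int, content_type: str, reflected_value: str, encode: bool) -> str:
    """Build a raw HTTP response that reflects `reflected_value` into a script block."""
    value = encode_for_script(reflected_value) if encode else f'"{reflected_value}"'
    body = f"<html><head><script>var testHead = {value};</script></head><body></body></html>"
    reason = {200: "OK", 404: "Not Found"}.get(status, "Unknown")
    return (
        f"HTTP/1.1 {status} {reason}\r\n"
        f"Content-Type: {content_type}\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
        f"{body}"
    )


if __name__ == "__main__":
    vulnerable = build_response(200, "text/html; charset=UTF-8", PAYLOAD, encode=False)
    hardened = build_response(200, "text/html; charset=UTF-8", PAYLOAD, encode=True)
    print("unencoded reflection ->", check_raw_response(vulnerable))  # True: all three conditions hold
    print("encoded reflection   ->", check_raw_response(hardened))    # False: payload no longer appears verbatim
```

Two things worth noting from the matcher: the conditions are conjunctive, so a 200 `text/html` page that merely echoes the parameter with `<` and `>` encoded does not trigger a report; and because the check is a literal substring match on the raw payload, a reflection that alters even one character of it is also not reported, which is a source of false negatives rather than a sign the page is safe.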

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/plugins/...
Matching conditions
word: </script><script>alert(document.domain)<... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability