WordPress Securimage-WP 3.2.4 - Cross-Site Scripting

By kannthu

High
Vidoc Module
#edb #wordpress #xss #wp-plugin
Description

WordPress Securimage-WP 3.2.4 - Cross-Site Scripting

What is "WordPress Securimage-WP 3.2.4 - Cross-Site Scripting"?

The "WordPress Securimage-WP 3.2.4 - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the WordPress Securimage-WP 3.2.4 plugin. This vulnerability allows an attacker to execute arbitrary scripts in the browser of an unsuspecting user. The severity of this vulnerability is classified as high, with a CVSS score of 7.2.

Author: daffainfo

Impact

If exploited, this cross-site scripting vulnerability can lead to various malicious activities, including stealing sensitive user information, performing unauthorized actions on behalf of the user, or injecting malicious content into the affected website.

How does the module work?

The module works by sending an HTTP request to the vulnerable endpoint, which is "/wp-content/plugins/securimage-wp/siwp_test.php/%22/%3E%3Cscript%3Ealert(1);%3C/script%3E?tested=1". This request is sent using the GET method.

The module then applies several matching conditions to determine if the vulnerability is present:

- The response body must contain the string "<script>alert(1)</script>".
- The response header must contain the string "text/html".
- The HTTP status code must be 200.

If all of these conditions are met, the module reports the vulnerability.
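
The three AND-ed matching conditions described above can be modelled offline, as an added example that is not Vidoc's own code; the `Response` type, the `evaluate` function and the sample responses are constructed for illustration. It shows why an HTML-escaped reflection, a non-HTML response or a missing file does not produce a finding.

```python
from dataclasses import dataclass, field

# Values taken from the module description above.
BODY_WORD = "<script>alert(1)</script>"
HEADER_WORD = "text/html"
EXPECTED_STATUS = 200


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (hypothetical type for this example)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def evaluate(resp: Response) -> dict:
    """Return the result of each matcher plus the AND-combined verdict."""
    # Flatten the headers into one string so the word matcher can search them.
    header_blob = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    results = {
        "body_word": BODY_WORD in resp.body,
        "header_word": HEADER_WORD in header_blob,
        "status": resp.status == EXPECTED_STATUS,
    }
    results["match"] = all(results.values())
    return results


# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "raw_reflection": Response(200, {"Content-Type": "text/html; charset=UTF-8"},
                               '<form action="/siwp_test.php/"/><script>alert(1)</script>">'),
    "escaped_reflection": Response(200, {"Content-Type": "text/html"},
                                   '<form action="/siwp_test.php/&quot;/&gt;&lt;script&gt;alert(1)&lt;/script&gt;">'),
    "not_html": Response(200, {"Content-Type": "application/json"},
                         '{"path": "<script>alert(1)</script>"}'),
    "missing_file": Response(404, {"Content-Type": "text/html"},
                             "<h1>Not Found</h1>"),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, evaluate(resp))
```

Only `raw_reflection` satisfies all three conditions; output encoding on the server side is what turns the first case into the second.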

Module preview

Concurrent Requests (1)

1. HTTP Request template

GET /wp-content/plugins/...

Matching conditions

- word: <script>alert(1)</script> and
- word: text/html and
- status: 200

Passive global matcher

No matching conditions.

On match action

Report vulnerability