Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting

What is the "Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting?"

The "Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting" module is designed to detect reflected cross-site scripting vulnerabilities in the Zebra_Form PHP library version 2.9.8 and earlier. This library is commonly used by some WordPress plugins. The severity of this vulnerability is classified as medium, with a CVSS score of 5.4. The original author of this module is madrobot.

Impact

A reflected cross-site scripting vulnerability allows an attacker to inject malicious scripts into a website, which can then be executed by unsuspecting users. This can lead to various security risks, such as stealing sensitive information, session hijacking, or spreading malware.

How the module works?

The module works by sending a specific HTTP request to the target website's "process.php" file, which is part of the Zebra_Form PHP library. The request includes a payload that contains a script tag and an image tag with an "onerror" attribute. If the website is vulnerable, it will reflect the payload in its response.

The module uses the following matching conditions to determine if the vulnerability is present:

- The response body must contain the string "</script><img src onerror=alert(document.domain)>" - The response header must contain the string "text/html" - The HTTP status code must be 200

If all of these conditions are met, the module will report the vulnerability.