
Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting

By kannthu

Medium
#wordpress #xss #wp #wpscan
Description

What is "Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting"?

The "Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting" module detects reflected cross-site scripting vulnerabilities in the Zebra_Form PHP library, versions 2.9.8 and earlier. This library is commonly used by some WordPress plugins. The severity of this vulnerability is classified as medium, with a CVSS score of 5.4. The original author of this module is madrobot.

Impact

A reflected cross-site scripting vulnerability allows an attacker to inject malicious scripts into a website's response, which are then executed in the browsers of unsuspecting users. This can lead to various security risks, such as theft of sensitive information, session hijacking, or the spread of malware.

How does the module work?

The module works by sending a specific HTTP request to the target website's "process.php" file, which is part of the Zebra_Form PHP library. The request includes a payload that contains a script tag and an image tag with an "onerror" attribute. If the website is vulnerable, it will reflect the payload in its response.

The module uses the following matching conditions to determine if the vulnerability is present:

- The response body must contain the string "</script><img src onerror=alert(document.domain)>"
- The response header must contain the string "text/html"
- The HTTP status code must be 200

If all of these conditions are met, the module will report the vulnerability.
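The three conditions are combined with AND, which is what keeps the check from firing on encoded or non-HTML reflections. The sketch below is an added example, not Vidoc's module code: the `Response` class, `evaluate`, `report` and the sample responses are hypothetical and constructed for illustration.

```python
# Added illustration: evaluates the module's three matching conditions
# against constructed HTTP responses. Not Vidoc's own implementation.
import html
from dataclasses import dataclass, field

# Marker string taken from the page's matching conditions.
MARKER = "</script><img src onerror=alert(document.domain)>"


@dataclass
class Response:  # hypothetical minimal response model
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def evaluate(resp: Response) -> dict:
    """Return each condition's result plus the combined AND verdict."""
    # Flatten headers to text and lowercase them; header names are case-insensitive.
    header_text = "\n".join(f"{k}: {v}" for k, v in resp.headers.items()).lower()
    checks = {
        "body_reflects_marker": MARKER in resp.body,
        "header_has_text_html": "text/html" in header_text,
        "status_is_200": resp.status == 200,
    }
    checks["match"] = all(checks.values())
    return checks


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    # Input echoed verbatim into an HTML page: all three conditions hold.
    "raw reflection": Response(200, {"Content-Type": "text/html; charset=UTF-8"},
                               f"<html><body>{MARKER}</body></html>"),
    # Same page with output encoding applied: the literal marker is gone.
    "encoded reflection": Response(200, {"Content-Type": "text/html"},
                                   f"<html><body>{html.escape(MARKER)}</body></html>"),
    # Reflected, but not served as HTML, so a browser would not render it.
    "json content type": Response(200, {"Content-Type": "application/json"}, MARKER),
    # Reflected on an error page: the status condition fails.
    "not found": Response(404, {"Content-Type": "text/html"}, MARKER),
}


def report(samples=SAMPLES) -> dict:
    """Map each sample name to True if the module would report it."""
    return {name: evaluate(resp)["match"] for name, resp in samples.items()}


if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:20s} -> {'REPORT' if verdict else 'no match'}")
```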
