Wordpress 5.3 XSS - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1849639 漏洞类型
发布时间 2019-12-06 更新时间 2019-12-06
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019120024
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
---------------------------------------------------------
# Exploit Title: Wordpress 5.3 - Cross-Site Scripting
# Google Dork: N/A
# Date: 2019-12-05
# Exploit Author: Unkn0wn (0x9a@tuta.io)
# Vendor Homepage: https://wordpress.com
# Software Link: https://wordpress.org/wordpress-5.3.zip
# Version: 5.3
# Tested on: Ubuntu & XAMPP
# CVE : N/A
---------------------------------------------------------
Description:
This vulnerability (XSS)occurs in the WordPress title.
You can use it with a xss payload when you send new post!
Now let's explain how it happens.

PoC "XSS" wp_using_themes():
First in the "template-loader.php" file in lines "85,86" We can see the following code:
*
if ( ! $template ) {
$template = get_index_template();

*
And finally the theme returns for us:
"96 - 105" lines
*

This code invokes Index page of the theme's for example (Twenty_Twenty)
Now we see "index.php" twenty theme in lines " 62 - 64 " wp_kses_post :
*
<?php if ( $archive_title ) { ?>
<h1 class="archive-title"><?php echo wp_kses_post( $archive_title ); ?></h1>
<?php } ?>
*
return for us XSS Payload in title web index page!this is Hide.
Demo:
https://cdn1.imggmi.com/uploads/2019/12/3/e56e3cf112bb2cf78e78075120e14ea1-full.png
https://cdn1.imggmi.com/uploads/2019/12/3/4f952dda2f01edc88460b93473a32ba7-full.png
----------------------------------------------------------
# We Are : AloneGhost - VeNoM - Agent Haze - Old_One - Unkn0wn
# https://Github.com/0x9a