Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting (XSS)

 Share


HACK1949

Recommended Posts

# Exploit Title: WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting (XSS)
# Date: 09/06/2021
# Exploit Author: inspired - Toby Jackson
# Vendor Homepage: https://yop-poll.com/
# Blog Post: https://www.in-spired.xyz/discovering-wordpress-plugin-yop-polls-v6-2-7-stored-xss/
# Software Link: https://en-gb.wordpress.org/plugins/yop-poll/
# Version: Tested on version 6.2.7 (Older versions may be affected)
# Tested on: WordPress
# Category : Webapps

## I. Vulnerability

Stored Cross Site Scripting (XSS)

## II. Product Overview

The software allows users to quickly generate polls and voting systems for their blog posts without any need for programming knowledge. 

## III. Exploit 

When a poll is created that allows other answers and then the setting is enabled for displaying the other responses after submission, the other answer is not sanitized when displayed back to the user, showing an XSS vulnerability. It is, however, correctly sanitized when displaying the other choices on the initial vote page.

## IV. Vulnerable Code

The vulnerable code resides in the fact the results are echoed back to the user without any sanitization performed on the output. It also gets stored in the database as it's inserts.

## IV. Proof of Concept

- Create a new poll that allows other answers, with the results of the other answers being displayed after voting.
- Set the permissions to whoever you'd like to be able to vote.
- Place it on a blog post.
- Insert '<script>alert('xss')</script>' into the other box.
- Submit vote. The payload gets triggered when reflected back to users.
- Whenever a new user votes, they will also be affected by the payload.

## VI. Impact

An attacker can leave stored javascript payloads to be executed whenever a user votes and views the results screen. This could lead to them stealing cookies, logging keystrokes and even stealing passwords from autocomplete forms.

## VII. SYSTEMS AFFECTED

WordPress websites running "YOP Polls" plugin version 6.2.7 (older versions may also be affected).

## VIII. REMEDIATION

Update the plugin to v6.2.8.

## VIIII. DISCLOSURE TIMELINE
-------------------------
June 9, 2021 1: Vulnerability identified.
June 9, 2021 2: Informed developer of the vulnerability.
June 10, 2021 1: Vendor requested proof of concept.
June 10, 2021 2: Sent proof of concept and accompanying details.
June 14, 2021 1: Vendor emails to state the vulnerability has been fixed.
June 16, 2021 1: Confirmed fix, vendor happy to disclose the vulnerability.
June 17, 2021 1: Requested CVE Number.
            
Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...