This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,702 With Us For: 243 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS) # Date: 17/04/2021 # Exploit Author: Himamshu Dilip Kulkarni # Software Link: https://wordpress.org/plugins/rss-for-yandex-turbo/ # Version: 1.29 # Tested on: Windows #Steps to reproduce vulnerability: 1. Install WordPress 5.6 2. Install and activate "RSS for Yandex Turbo" plugin. 3. Navigate to Setting >> Яндекс.Турбо >> Счетчики and enter the data into all the six user input field and submit the request. 4. Capture the request into burp suite and append the following mentioned JavaScript payloads (one payload per parameter) "+onmouseover="alert(1) "+onmouseover="alert(2) "+onmouseover="alert(3) "+onmouseover="alert(4) "+onmouseover="alert(5) "+onmouseover="alert(6) 5. You will observe that the payloads got successfully stored into the database and when you move the mouse cursor over these fields the JavaScript payloads get executed successfully and we get a pop-up. Link to comment Share on other sites More sharing options...
Recommended Posts