daniloalbuqrque / poc-cve-xss-uploading-svg

CVE-2023-4460

Details

Title: Authenticated Reflected Cross-Site Scripting in "Uploading SVG, WEBP and ICO files" Plugin for WordPress CMS
Date: 2023-08-10
Author: Danilo Albuquerque
Vendor Homepage: https://wordpress.org
Software Link: https://wordpress.org/download
Version: WordPress 6.3
Plugin's Name and Version: Uploading SVG, WEBP and ICO files 1.2.1
Tested on: Brave (Version 1.50.119 Chromium: 112.0.5615.121 (Official Version) 64 bits)

PoC for Reflected XSS vulnerability in Uploading SVG, WEBP and ICO files 1.2.1

  1. Install the plugin;
  2. Create an SVG file with the malicious payload within it;
  3. Go to the "Media" page and upload the SVG file; and then
  4. Access the file through its URL.

After completing these steps, reload the current page: the alert pop-up appears with the message in it.

Screenshots below

  1. No plugin PoC: sem_o_plugin

  2. Without the plugin, SVG file upload does not work: sem_o_plugin_nao_pega

  3. The plugin's version as of this date: versao_do_dia

  4. The plugin is now installed and activated: plugin_instalado_e_ativo

  5. Created the SVG file with the malicious payload within it: codigo_do_xss

  6. SVG file's upload done: upload_feito_e_aceito

  7. Payload triggered when the file is loaded: quando_acessa_xss

Bonus section: Stored XSS

  1. Changed the content of the malicious file: xss_stored_code

  2. Got the POST request in my Collaborator oastify: collaborator_poc
