Exploits / Vulnerability Discovered : 2022-01-27 |
Type : webapps |
Platform : php
This exploit / vulnerability Wordpress plugin mortgage calculators wp 1.52 stored crosssite scripting (xss) (authenticated) is for educational purposes only and if it is used you will do on your own risk!
# Description:
The plugin gives users real-time estimates by providing mortgage calculators. It does not implement any sanitisation on the color value of the background of a calculator in admin panel, which could lead to authenticated Stored Cross-Site Scripting issues. An attacker can execute malicious javascript codes for all visitors of a page containing the calculator.
# Steps To Reproduce:
1. Go to settings page available under the "Calculator" menu item.
2. Click the "Select Color" button and type the following payload the input space: `hacked</style></head><script>alert(1)</script>`
3. Click the "Save Changes" button to save settings.
4. Create a new page and add the shortcode ([mcwp type="cv"]) of the calculator, for testing.
5. Visit the page to trigger XSS.