WordPress plugin Support Board 1.2.3 Cross-Site Scripting Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2018-10-16
Type: webapps
Platform: php
This exploit / vulnerability (WordPress plugin Support Board 1.2.3 cross-site scripting) is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Exploit Title: Wordpress Plugin Support Board 1.2.3 - Cross-Site Scripting
# Date: 2018-10-16
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://schiocco.com/
# Software Link : https://board.support/
# Software : Support Board - Chat And Help Desk
# Version : v1.2.3
# Vulnerability Type : Code Injection
# Vulnerability : HTML Injection and Stored XSS
# CVE : N/A
# In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress,
# a Stored XSS vulnerability has been discovered in file upload areas in the
# Chat and Help Desk sections via the msg parameter
# in a /wp-admin/admin-ajax.php sb_ajax_add_message action.
# In v1.2.3 of Schiocco's Support Board - Chat And Help Desk PHP & WordPress plugin,
# HTML Injection and Stored XSS vulnerabilities have been discovered in the
# file upload areas of the Chat and Help Desk sections.
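For defenders triaging request logs or writing a WAF rule for the issue described above, the following added example (not part of the original advisory or the plugin's code) flags POSTs to the `sb_ajax_add_message` action whose `msg` field carries markup. The path, action and parameter names come from the advisory; the function names, the regex and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

TARGET_PATH = "/wp-admin/admin-ajax.php"   # from the advisory
TARGET_ACTION = "sb_ajax_add_message"      # from the advisory

# Markup that has no place in a plain-text chat message (assumed rule set).
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>|\bon\w+\s*=|javascript\s*:", re.I)


def normalise(value, rounds=3):
    """Undo nested URL-encoding so the rule sees what the page would render."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(method, path, body):
    """Return the decoded msg value if the request should be flagged, else None."""
    path, _, query = path.partition("?")
    if method.upper() != "POST" or path != TARGET_PATH:
        return None
    # admin-ajax.php accepts the action from the query string or the body.
    fields = parse_qs(query + "&" + body, keep_blank_values=True)
    if TARGET_ACTION not in fields.get("action", []):
        return None
    for raw in fields.get("msg", []):
        text = normalise(raw)
        if MARKUP.search(text):
            return text
    return None


# Constructed sample requests: (method, path, form-encoded body).
SAMPLES = [
    ("POST", TARGET_PATH, "action=sb_ajax_add_message&msg=Hello%2C+my+order+is+late"),
    ("POST", TARGET_PATH, "action=sb_ajax_add_message&msg=%3Cb%3Ehi%3C%2Fb%3E"),
    ("POST", TARGET_PATH + "?action=sb_ajax_add_message",
     "msg=%253Cscript%253Ealert(1)%253C%252Fscript%253E"),   # double-encoded
    ("POST", TARGET_PATH, "action=heartbeat&msg=%3Cb%3Ehi%3C%2Fb%3E"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[2][:50], "->", inspect_request(*sample))
```

This only detects suspicious submissions; the fix belongs in the plugin, which has to HTML-escape `msg` whenever a stored message is rendered.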
# HTTP POST Request : [HTML Injection]