0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WordPress YOP Polls 6.2.7 Plugin - Stored Cross Site Scripting Vulnerability
[# Exploit Title: WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting (XSS)
# Exploit Author: inspired - Toby Jackson
# Vendor Homepage: https://yop-poll.com/
# Blog Post: https://www.in-spired.xyz/discovering-wordpress-plugin-yop-polls-v6-2-7-stored-xss/
# Software Link: https://en-gb.wordpress.org/plugins/yop-poll/
# Version: Tested on version 6.2.7 (Older versions may be affected)
# Tested on: WordPress
# Category : Webapps
## I. Vulnerability
Stored Cross Site Scripting (XSS)
## II. Product Overview
The software allows users to quickly generate polls and voting systems for their blog posts without any need for programming knowledge.
## III. Exploit
When a poll is created that allows other answers and then the setting is enabled for displaying the other responses after submission, the other answer is not sanitized when displayed back to the user, showing an XSS vulnerability. It is, however, correctly sanitized when displaying the other choices on the initial vote page.
## IV. Vulnerable Code
The vulnerable code resides in the fact the results are echoed back to the user without any sanitization performed on the output. It also gets stored in the database as it's inserts.
## IV. Proof of Concept
- Create a new poll that allows other answers, with the results of the other answers being displayed after voting.
- Set the permissions to whoever you'd like to be able to vote.
- Place it on a blog post.
- Insert '<script>alert('xss')</script>' into the other box.
- Submit vote. The payload gets triggered when reflected back to users.
- Whenever a new user votes, they will also be affected by the payload.
## VI. Impact
An attacker can leave stored javascript payloads to be executed whenever a user votes and views the results screen. This could lead to them stealing cookies, logging keystrokes and even stealing passwords from autocomplete forms.
## VII. SYSTEMS AFFECTED
WordPress websites running "YOP Polls" plugin version 6.2.7 (older versions may also be affected).
## VIII. REMEDIATION
Update the plugin to v6.2.8.
## VIIII. DISCLOSURE TIMELINE
-------------------------
June 9, 2021 1: Vulnerability identified.
June 9, 2021 2: Informed developer of the vulnerability.
June 10, 2021 1: Vendor requested proof of concept.
June 10, 2021 2: Sent proof of concept and accompanying details.
June 14, 2021 1: Vendor emails to state the vulnerability has been fixed.
June 16, 2021 1: Confirmed fix, vendor happy to disclose the vulnerability.
June 17, 2021 1: Requested CVE Number.
# 0day.today [2024-11-16] #