Headline

CVE-2022-45285: Vsourz-Digital/AdvancedContactForm_CF7_DB_XSS.txt at main · IthacaLabs/Vsourz-Digital

Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS).

1 year ago

CVE

Open in Source

#xss #web #windows #apache #js #git #java #wordpress #php #firefox

Permalink

Cannot retrieve contributors at this time

Reflected XSS (Cross-Site Scripting) attack - CVE-2022-45285

------------------------------------------------------------

Vendor: Vsourz Digital

Wordpress Plugin Versions: Advanced Contact form 7 DB - 1.7.2, 1.9.1

Type: Remote attack

We have identified that the “Advanced Contact form 7 DB - 1.7.2, 1.9.1” Wordpress Plugin Versions are vulnerable to Reflective Cross-site scripting (XSS). This is due to that the Web App fails to sanitize HTML/JavaScript code on the server-side. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user’s browser (e.g. admin) within the security context of the affected site. This attack can be used in conjunction with a social engineering techniques.

We have managed to bypass the client-side protection (URL Encoding) by intercepting the GET HTTP request using an HTTP proxy tool, and then inserting the XSS payload. Also, we have bypassed the server-side protection (Backslash Escaping) using backticks instead of single or double quotes.

Below, evidence is provided.

Request:

GET /formsurvey/index.php/user/admin/?’><script>alert(`XSS`)</script><’ HTTP/1.1

Host: 1.1.1.1

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

DNT: 1

Connection: close

Upgrade-Insecure-Requests: 1

Response: