
CVE-2024-4439 PoC — WordPress Cross-Site Scripting Vulnerability

Associated Vulnerability
Title: WordPress Cross-Site Scripting Vulnerability (CVE-2024-4439)
Description: WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.
Description
CVE-2024-4439 Docker environment and PoC
Readme
# CVE-2024-4439
CVE-2024-4439 Docker environment and PoC

# Lab setup
After starting the Docker container, some additional configuration is required.
Visit 127.0.0.1:8080 and complete the initial WordPress setup.

In the admin dashboard, go to Appearance > Themes, select a theme, and click Customize to configure it.
![image-20241121211110379](https://github.com/user-attachments/assets/d5be6a62-d27f-45e1-8fa0-80c08306a3a5)

Go to Design > Templates > Single Posts.

![image-20241121211213085](https://github.com/user-attachments/assets/ebb1a9a8-2ddb-4a03-bfd4-4ffb9084aa0d)

![image-20241121211346727](https://github.com/user-attachments/assets/201aa8a3-e60f-4f36-8fff-3b0c9538a79a)

On the right, select the Avatar block and open the theme editor.

![image-20241121211641111](https://github.com/user-attachments/assets/65b65f77-fb38-4154-a2be-c7e17b699cde)

Click the avatar first, then click Settings in the top right. Two options appear on the right, "Link to user profile" and "Open in new tab"; enable both.
After publishing any post, comments can be left on it. In the comment, replace the author name with the XSS payload:
`" onmouseover="alert(1)"`
![image-20241121212104697](https://github.com/user-attachments/assets/d4a21e0f-2078-4e08-ba63-1ce37b7c4405)
![image-20241121212522905](https://github.com/user-attachments/assets/14edab45-147c-42bc-893d-f73c429d693b)
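The root cause stated in the vulnerability description is insufficient output escaping of the display name when the Avatar block renders it into HTML. The following is an added example, not code from this PoC repository or from WordPress core: it uses a hypothetical, minimal stand-in for the Avatar block's link markup (the real block's template differs) and a constructed profile URL, renders the same `" onmouseover="alert(1)"` name through an unescaped and an attribute-escaped path, and parses the result to show that the escaped version keeps the name as inert text inside the `title` attribute. `html.escape(..., quote=True)` plays the role that `esc_attr()` plays in WordPress.

```python
import html
from html.parser import HTMLParser

# Constructed input: the attribute-breaking comment author name from the PoC above.
PAYLOAD_NAME = '" onmouseover="alert(1)"'
# Constructed URL; a real Avatar block would link to the author's profile page.
PROFILE_URL = "https://example.test/author/commenter"


def render_avatar_link_unescaped(display_name: str, profile_url: str) -> str:
    """Hypothetical vulnerable rendering: the display name is dropped into a
    title attribute verbatim, so a double quote in the name ends the attribute
    and whatever follows becomes new attributes on the <a> element."""
    return (
        f'<a href="{profile_url}" title="{display_name}" target="_blank">'
        f'<img src="avatar.png" alt=""></a>'
    )


def render_avatar_link_escaped(display_name: str, profile_url: str) -> str:
    """Hardened rendering: every dynamic value is escaped for the HTML
    attribute context before interpolation (the equivalent of esc_attr() /
    esc_url() in WordPress), so quotes in the name become &quot; and cannot
    terminate the attribute."""
    safe_name = html.escape(display_name, quote=True)
    safe_url = html.escape(profile_url, quote=True)
    return (
        f'<a href="{safe_url}" title="{safe_name}" target="_blank">'
        f'<img src="avatar.png" alt=""></a>'
    )


class FirstAnchorAttrs(HTMLParser):
    """Collects the attributes the browser-like parser assigns to the first <a>."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "a" and self.attrs is None:
            # Attribute values arrive already entity-decoded.
            self.attrs = dict(attrs)


def anchor_attributes(markup: str) -> dict:
    """Return the attribute dict of the first <a> element in the markup."""
    parser = FirstAnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}


def has_event_handler_attribute(markup: str) -> bool:
    """Detection check: does the rendered anchor carry any on* attribute?
    A correctly escaped template never produces one from user input."""
    return any(name.lower().startswith("on") for name in anchor_attributes(markup))


if __name__ == "__main__":
    vulnerable = render_avatar_link_unescaped(PAYLOAD_NAME, PROFILE_URL)
    fixed = render_avatar_link_escaped(PAYLOAD_NAME, PROFILE_URL)
    print("unescaped:", vulnerable)
    print("  event handler present:", has_event_handler_attribute(vulnerable))
    print("escaped:  ", fixed)
    print("  event handler present:", has_event_handler_attribute(fixed))
    print("  title attribute round-trips:", anchor_attributes(fixed)["title"] == PAYLOAD_NAME)
```

The parser check is the useful part for a defender: rather than grepping for the literal payload, it asks whether untrusted input was able to create a new attribute on the element at all, which catches any attribute-breaking name, not just this one. The same check can be pointed at a rendered single-post page from the lab above to confirm that a patched instance escapes the comment author's display name.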

# References
[CVE-2024-4439 WordPress stored XSS vulnerability reproduction - Xianzhi Community (aliyun.com)](https://xz.aliyun.com/t/14438?time__1311=GqAxuWG%3DGQi%3DDsD7zG7Dy7FWitrTM7OEbD)
File Snapshot

```text
[4.0K] /data/pocs/312d97226772bd39d0b7e55129bea832e0467d71
├── [ 829] docker-compose.yml
├── [1.1K] LICENSE
└── [1.4K] README.md

0 directories, 3 files
```