Real Estate 7 - Real Estate WordPress Theme v2.8.9 Persistent XSS Injection

2019.07.24
Author: m0ze (RU)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

/*!
 * # Exploit Title: Real Estate 7 - Real Estate WordPress Theme v2.8.9 Persistent XSS Injection
 * # Google Dork: inurl:"/wp-content/themes/realestate-7/"
 * # Date: 2019/07/20
 * # Author: m0ze
 * # Vendor Homepage: https://contempothemes.com
 * # Software Link: https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778
 * # Version: <= 2.8.9
 * # Tested on: NginX
 * # CVE: -
 * # CWE: CWE-79
 */

::- Details & Description -::

~ The «Real Estate 7» premium WordPress theme is vulnerable to persistent (stored) XSS. The «Virtual Tour Embed» field of a listing is saved and rendered on the public listing page without sanitization, so any user who can submit a listing can inject arbitrary JavaScript or HTML into the website front-end, where it executes for every visitor of that listing.

::- Demo Website -::

~ Frontend: https://contempothemes.com/wp-real-estate-7/multi-demo/
~ Backend: https://contempothemes.com/wp-real-estate-7/multi-demo/dashboard/
~ Login / Password: m0ze / asdasd

::- Special Note -::

~ 7,151 sales (ThemeForest figure at the time of writing).
~ If pre-moderation of listings is enabled, the payload also executes in the browser of the administrator or moderator who reviews the listing, which is the interesting target: their session can be abused from the injected script. Caveat for anyone planning to "steal cookies": WordPress sets its authentication cookies with the HttpOnly flag, so document.cookie will not expose them; the script can still perform authenticated actions (including fetching nonces) on the reviewer's behalf.
~ Any existing listing can be edited by changing the ID in the edit URL: https://contempothemes.com/wp-real-estate-7/multi-demo/edit-listing/?listings=XXX (where XXX is the WordPress post ID, visible in the class attribute of the <body> tag). This is a missing ownership check, separate from the XSS, and it lets an attacker plant the payload in listings they do not own.

::- PoC Links -::

~ https://contempothemes.com/wp-real-estate-7/multi-demo/?post_type=listings&p=5107

::- PoC [Persistent XSS Injection] -::

~ Register a new account as a seller or agent, log in and choose the free membership package in the dashboard. After that you can submit a new listing -> https://contempothemes.com/wp-real-estate-7/multi-demo/submit-listing/
~ For the persistent XSS injection, put the payload inside the «Virtual Tour Embed» text area (on the «DETAILS» step) and press the «Submit» button. The payload is stored with the listing and rendered unescaped on its public page.
~ Example payload: <img src="x" onerror="(alert)(`m0ze`)">
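As an added example (not part of the original advisory and not the theme's own code), here is the server-side rule that neutralises a field like «Virtual Tour Embed», sketched in JavaScript so it can be run and checked against the advisory's payload. Rather than trying to filter arbitrary HTML, it accepts only a single <iframe>, extracts its src, requires an https URL whose hostname is on an allow-list of tour providers, and rebuilds the tag from scratch, so nothing else from the input (event handlers, extra tags, javascript: URLs) ever reaches the page. The host allow-list, the function names and the sample inputs are assumptions made for this example; in the theme itself (PHP) the same rule would be applied before the post meta is saved and again on output, for instance via wp_kses with a restricted allow-list.

```javascript
// Assumed allow-list of virtual-tour / video providers (example only; a real
// deployment would configure this).
const ALLOWED_EMBED_HOSTS = new Set([
  "www.youtube.com",
  "www.youtube-nocookie.com",
  "player.vimeo.com",
  "my.matterport.com",
]);

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Accept only "<iframe ...></iframe>" with nothing before or after it and
// return the raw src attribute value, or null if the input is anything else.
// The payload from the advisory (an <img> with onerror) fails at this step.
function extractEmbedSrc(html) {
  const tag = /^<iframe\b([^>]*)>\s*<\/iframe>$/i.exec(String(html).trim());
  if (!tag) return null;
  const attr = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i.exec(tag[1]);
  if (!attr) return null;
  return attr[1] ?? attr[2] ?? attr[3];
}

// Validate the src and rebuild the embed from scratch. Returns the canonical
// iframe markup, or null when the input must be rejected. Because the output
// is constructed here, attributes such as onload= in the input are dropped.
function sanitizeVirtualTourEmbed(input) {
  const raw = extractEmbedSrc(input);
  if (raw === null) return null;
  let url;
  try {
    url = new URL(raw); // relative URLs and garbage throw here -> rejected
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null; // blocks javascript:, data:, http:
  if (url.username || url.password) return null; // no https://user@host tricks
  if (!ALLOWED_EMBED_HOSTS.has(url.hostname)) return null; // exact host match
  return `<iframe src="${escapeAttr(url.href)}" allowfullscreen></iframe>`;
}

// Constructed sample inputs (not taken from any real listing), including the
// payload quoted in the advisory.
const SAMPLE_INPUTS = [
  '<img src="x" onerror="(alert)(`m0ze`)">',
  '<iframe src="javascript:alert(1)"></iframe>',
  '<iframe src="https://www.youtube.com.evil.example/embed/x"></iframe>',
  '<iframe src="https://www.youtube.com/embed/abc" onload="alert(1)" width="560"></iframe>',
];

for (const sample of SAMPLE_INPUTS) {
  console.log(JSON.stringify(sample), "->", sanitizeVirtualTourEmbed(sample));
}
```

The design point is that the field is treated as a URL with a fixed wrapper, not as HTML: validating a URL (scheme, host, credentials) is tractable, while sanitizing arbitrary markup by deny-list is the approach that produced this bug in the first place. The ownership check for edit-listing is a separate fix (compare the listing's author with the current user before rendering or saving the edit form).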

References:

https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778
https://twitter.com/m0ze_ru

