Wordpess Jannah Theme |Stored XSS

2020.07.13

Arda Acar (TR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: Index of /wp-content/themes/jannah/

#
# Wordpress Jannah Theme Stored XSS
#
# Author : Arda Acar
#
# Dork : Index of /wp-content/themes/jannah/
#
# Vendor Home Page : https://jannah.tielabs.com/
#
# Description :  

1)- Enter the comment section
2)- Paste your XSS payload 
3)- Send comment
4)- Refresh page 
5)- BooM

######################
Thx : W0rnix ~ Anarchosa ~ Dohela 
######################

See this note in RAW Version

Vote for this issue:

26%

74%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Vlad Vector

| Date: 2020-07-13 15:59 CET+1

WordPress version? Theme version? Payload example?

I mean, there is no technical information + as a fact this theme uses the standard WordPress comment function w/ good input sanitization, so u need a really good payload to make it work.

Wordpess Jannah Theme |Stored XSS

Dork: Index of /wp-content/themes/jannah/

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Wordpess Jannah Theme |Stored XSS

Dork: Index of /wp-content/themes/jannah/

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.