Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-38529 | CWE-79 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2019-09-16 |
CPE |
---|
cpe:cpe:/a:zoner:real_estate_joomla_theme |
# Exploit Title: Zoner | Real Estate Joomla Theme Persistent XSS # Google Dork: /templates/bt_zoner/html/ # Date: 15/09/2019 # Exploit Author: SubversA # Vendor Homepage: http://www.inwavethemes.com/ # Software Link: https://themeforest.net/item/zoner-solution-for-joomla-real-estate-website/9385349 # Version: ? (Last Update: 19/07/2019) # Tested on: Parrot OS # CVE : - # CWE : 79 ----[]- Persistent XSS: -[]---- Log in as a regular user or agent, go to the http://zoner.inwavethemes.com/profile/profile/edit page and use your payload(s) inside this input fields: About, Phone, Mobile. For an agent user, payload(s) will be triggered on any property page you'll create. Payload Sample: <img src=x onerror=(alert)(document.cookie)> PoC: http://zoner.inwavethemes.com/properties/grid-listing/house/double-storey-house-seksyen-8-bandar-baru-bangi
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.