Advertisement






Superlist - Directory WordPress Theme v2.9.2 Persistent XSS

CVE Category Price Severity
CVE-2016-12345 CWE-79 $500 High
Author Risk Exploitation Type Date
Hacker123 High Remote 2019-12-02
CPE
cpe:cpe:/a:wordpress:superlist-directory-wordpress-theme:2.9.2
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 0.531207 0.732

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019120005

Below is a copy:

Superlist - Directory WordPress Theme v2.9.2 Persistent XSS
# Exploit Title: Superlist - Directory WordPress Theme v2.9.2 Persistent XSS
# Google Dork: /wp-content/themes/superlist/
# Date: 02/12/2019
# Exploit Author: SUBVRS
# Vendor Homepage: https://byaviators.com/en/
# Software Link: https://themeforest.net/item/superlist-directory-wordpress-theme/13507181
# Version: 2.9.2 [ 2.880 Sales ]
# Tested on: Parrot OS
# CVE : -
# CWE : 79


----[]- Persistent XSS: -[]----
You need a new basic user account (register your own here https://superlist.byaviators.com/create/?type=job or use mine: subversa/subversa), then go to the https://superlist.byaviators.com/create/?type=job&step=contact page for new listing submit right on the Contact step. You'll see the vulnerable input fields, f.e. Phone. Use payload like provided below and save your listing. The point is, you need to break the Phone <a> tag and inject desired payload inside it. All data from the form steps is stored as a cookie.

Payload Sample #0: " /onmouseover="alert(document.cookie);" /onauxclick="alert(document.domain);"
Payload Sample #1: " /onmouseover="console.log(`SUBVRS`);" /onauxclick="alert(`PoC`);window.location.replace(`http://defcon.su`);"

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.