Advertisement


Looking for a fix? Check your Codebase security with multiple scanners from Scanmycode.today


Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019090114

Below is a copy:

Zoner | Real Estate Joomla Theme Persistent XSS
# Exploit Title: Zoner | Real Estate Joomla Theme Persistent XSS
# Google Dork: /templates/bt_zoner/html/
# Date: 15/09/2019
# Exploit Author: SubversA
# Vendor Homepage: http://www.inwavethemes.com/
# Software Link: https://themeforest.net/item/zoner-solution-for-joomla-real-estate-website/9385349
# Version: ? (Last Update: 19/07/2019)
# Tested on: Parrot OS
# CVE : -
# CWE : 79


----[]- Persistent XSS: -[]----
Log in as a regular user or agent, go to the http://zoner.inwavethemes.com/profile/profile/edit page and use your payload(s) inside this input fields: About, Phone, Mobile. For an agent user, payload(s) will be triggered on any property page you'll create.

Payload Sample: <img src=x onerror=(alert)(document.cookie)>

PoC: http://zoner.inwavethemes.com/properties/grid-listing/house/double-storey-house-seksyen-8-bandar-baru-bangi

Copyright ©2019 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.