Become a patron and gain access to the dashboard, Schedule scans, API and Search patron

Search for hundreds of thousands of exploits

"Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting"

Author

Exploit author

"Ilca Lucian Florin"

Platform

Exploit platform

php

Release date

Exploit published date

2020-11-27

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# Exploit Title: Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting
# Date: 11/27/2020
# Exploit Author: Ilca Lucian Florin
# Vendor Homepage: http://demo.themeftc.com/wibar
# Software Link: https://themeforest.net/item/wibar-responsive-woocommerce-wordpress-theme/20994798
# Version: 1.1.8
# Tested on: Latest Version of Desktop Web Browsers: Chrome, Firefox, Microsoft Edge

The WordPress theme contains Brands feature which is vulnerable to stored
cross site scripting. The logo URL parameter is vulnerable to cross site
scripting. The following vector was used for testing XSS: "><script
src="data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=="></script>.

In order to reproduce the vulnerability, please follow the next steps:

1. Log in as editor/administrator/contributor/author:
https://website.com/wp-admin
2. Go to Brands section
3. Click add new brand and add a custom brand title
4. The vulnerable parameter is: Logo URL / <input type="text"
name="ftc_brand_url" id="ftc_brand_url" value="">
5. Add the following payload: "><script
src="data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=="></script> , where
base64 == alert(document.domain)
6. Publish
7. The alert will pop up when a user will visit the website on
https://website.com/brand/vulnerablebrand.

Evidence:

1. https://ibb.co/1fpYJWN
2. https://ibb.co/S7j5Sgd

C.V.S.S Score: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L / 7.5 High
Release Date Title Type Platform Author
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
Release Date Title Type Platform Author
2020-11-27 "SAP Lumira 1.31 - Stored Cross-Site Scripting" local multiple "Ilca Lucian Florin"
2020-11-27 "Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting" webapps php "Ilca Lucian Florin"
2019-08-14 "SugarCRM Enterprise 9.0.0 - Cross-Site Scripting" webapps php "Ilca Lucian Florin"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/49107/?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.