facebook facebook twitter rss

Wordpress Contentive Theme - Cross Site Web

Author: Rednofozi , Published: 14-09-2018
[+] Title                 :- Wordpress Contentive Theme - Cross Site Web Vulnerability

[+] Date :- 2018-09-13

[+] Exploit Author :- Rednofozi

[+] Version :- All Versions

[+] Tested on :- Linux - Windows

[+] Category :- webapps

[+] Google Dorks :- 1- N/A

[+] Team name :- Anonysec.org

[+] Official Website :- anonysec

[+] Contact :- Rednofozi@yahoo.com







=========================================================



Common Vulnerability Scoring System:
====================================
3.2


Vulnerability Class:
====================
Cross Site Scripting - Non Persistent




Discovery Status:
=================
Published


Affected Product(s):
====================

Exploitation Technique:
=======================
Remote


Severity Level:
===============
Medium


Technical Details & Description:
================================
A stored cross site scripting web vulnerability has been discovered in the official Wordpress Contentive Theme web-application.
The non-persistent vulnerability allows remote attackers to inject own malicious script code to client-side application to browser requests.

The client-side cross site vulnerability is located in the `label` value of the page module GET method request. Remote attackers are able to inject
own malicious script codes to the client-side of the online service web-application to compromise user session information or data.

The security risk of the cross site web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.2.
Exploitation of the cross site vulnerability requires no privileged web-application user account and low user interaction.
Successful exploitation results in session hijacking, persistent phishings attacks, persistent external redirect and malware loads or persistent
manipulation of affected and connected module context.

Request Method(s):
[+] GET

Vulnerable Service(s):
[+] Contentive Theme (Wordpress)

Vulnerable Module(s):
[+] Input

Vulnerable Parameter(s):
[+] label


Proof of Concept (PoC):
=======================
The remote cross site vulnerability can be exploited by remote attackers privileged web-application user accounts with low user interaction.
For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.


PoC: Example
http://wp.localhost:8080/?s=[CLIENT SIDE CROSS SITE SCRIPTING VULNERABILITY!]

PoC: Exploitation
http://wp.localhost:8080/?s="'/><svg/onload=alert(/31337/);>


PoC: Vulnerable Source
<form role="search" method="get" id="searchform" action="http://wp.localhost:8080">
<div>
<input type="text" value=""'/><svg/onload=alert(123);>" name="s" id="s"/>
<input type="submit" id="searchsubmit" value=""/>
</div>
</form>


Reference(s):
http://wp.localhost:8080/?s=


Solution - Fix & Patch:
=======================
The vulnerability can be patched by a parse and encode of the vulnerable `label` value in the webpage GET method request.
Encode the parameter and restrict the value input to prevent further script code injection attacks.





Enjoy !

--------------------------------------------------------------------------------------------



#######################################################

Anonysec hacker iranin

########################################################



=======================================================

# Discovered by : Rednofozi





#--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow

Like us on Facebook :