WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting

# Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
# Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply"
# Date: 2020-02-14
# Category: Webapps
# Software Link: https://downloads.wordpress.org/theme/fruitful.3.8.zip
# Vendor Homepage: https://github.com/Fruitfulcode/Fruitful
# Exploit Author: Ultra Security Team (Ashkan Moghaddas, AmirMohammad Safari)
# Team Members: Behzad Khalifeh, Milad Ranjbar
# Version: 3.8
# Tested on: Windows/Linux
# CVE: N/A

1. Use the dork to find a target website
2. Choose a target
3. Look for the comment list; try clicking one of the posts
4. Then inject your JavaScript code into the name and email fields, and click post comment...
Example JS code: '>"><script>alert(/XSS By Z3X | Bojonegoro Cyber Security/)</script>
5. If it looks like this, the XSS has worked
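
For site owners, the steps above point at two checks: comments already stored with markup in the name or email field, and output that prints those fields unescaped. The following is an added example, not code from the advisory or from the Fruitful theme; the rows are constructed and only shaped like WordPress `wp_comments` columns, and the table markup in `render_author` is hypothetical. In a theme, the escaping step corresponds to WordPress's `esc_html()` and `esc_attr()`.

```python
import html
import re

# Constructed rows shaped like WordPress wp_comments columns; not real site data.
SAMPLE_COMMENTS = [
    {"comment_ID": 1, "comment_author": "Dara O'Brien",
     "comment_author_email": "dara@example.com"},
    {"comment_ID": 2, "comment_author": "'>\"><script>alert(1)</script>",
     "comment_author_email": "user@example.com"},
    {"comment_ID": 3, "comment_author": "Sam",
     "comment_author_email": "'>\"><script>alert(1)</script>"},
]

# A tag opener, or a quote followed by '>' (attribute breakout).
# A lone apostrophe, as in O'Brien, is a legitimate name and is not flagged.
TAG_LIKE = re.compile(r"<\s*[A-Za-z/!]|[\"']\s*>")
# Deliberately conservative address shape: anything else is reported.
EMAIL_OK = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def audit_comment(row):
    """Return the names of the fields in one row that look injected."""
    flagged = []
    if TAG_LIKE.search(row["comment_author"]):
        flagged.append("comment_author")
    email = row["comment_author_email"]
    if email and not EMAIL_OK.fullmatch(email):
        flagged.append("comment_author_email")
    return flagged


def audit(rows):
    """Map comment_ID -> flagged fields, omitting clean rows."""
    return {r["comment_ID"]: f for r in rows if (f := audit_comment(r))}


def render_author(row):
    """Escape both fields at output time, whatever the audit reported."""
    name = html.escape(row["comment_author"], quote=True)
    email = html.escape(row["comment_author_email"], quote=True)
    return f'<tr><td class="author">{name}</td><td class="email">{email}</td></tr>'


if __name__ == "__main__":
    print(audit(SAMPLE_COMMENTS))
    for row in SAMPLE_COMMENTS:
        print(render_author(row))
```

The audit finds rows to clean up; the escaping in `render_author` is what stops a stored value from executing, including values the audit pattern misses.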