Vendor: ReDi Restaurant Reservation
By: Bastijn Ouwendijk
CVSS: 6.1 (MEDIUM)
Vulnerability: Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: ReDi Restaurant Reservation
Affected Version From: 21.0307
Affected Version To: Earlier versions
Patch Exists: NO
Related CVE: CVE-2021-24299
CPE: a:wordpress:redi_restaurant_reservation:21.0307
Platforms Tested: Windows 10
2021

WordPress Plugin ReDi Restaurant Reservation 21.0307 – ‘Comment’ Stored Cross-Site Scripting (XSS)

This exploit allows an attacker to execute arbitrary JavaScript code in the context of a user's browser by storing malicious script in the 'Comment' field of the restaurant reservation form.

Mitigation:

The vendor should release a patch to sanitize user input in the 'Comment' field to prevent XSS attacks. In the meantime, users can disable the affected plugin or apply a web application firewall (WAF) to filter out malicious scripts.
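
One way to apply the sanitization described above, as an added example that is not the plugin's code or a vendor patch: plain PHP that renders a stored reservation comment first without and then with output encoding. The function names and array keys are hypothetical; inside WordPress the corresponding helpers are `sanitize_textarea_field()` on input and `esc_html()` on output.

```php
<?php
declare(strict_types=1);
// Added example; hypothetical names, not the ReDi plugin's code.

/** Input side: reduce the comment to plain text before it is stored. */
function clean_comment(string $raw): string
{
    $text = strip_tags($raw);  // drop markup such as <script> elements
    // Remove control characters, keeping tab, newline and carriage return.
    $text = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $text) ?? '';
    return trim($text);
}

/** HTML-encode a value for element content or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: the stored comment is concatenated into markup as-is. */
function render_row_unsafe(array $res): string
{
    return '<tr><td>' . $res['name'] . '</td><td>' . $res['comment'] . '</td></tr>';
}

/** Hardened pattern: every stored field is encoded at the point of output. */
function render_row_safe(array $res): string
{
    return '<tr><td>' . h($res['name']) . '</td><td>' . h($res['comment']) . '</td></tr>';
}

// Constructed sample data; the comment value is the payload quoted in the steps on this page.
$submitted = '<script>alert("XSS")</script>';
$legacy = ['name' => 'Test Guest', 'comment' => $submitted];  // row stored before any fix
$fresh  = ['name' => 'Test Guest', 'comment' => clean_comment($submitted)];

echo 'unsafe, legacy row: ', render_row_unsafe($legacy), PHP_EOL;
echo 'safe, legacy row:   ', render_row_safe($legacy), PHP_EOL;
echo 'safe, cleaned row:  ', render_row_safe($fresh), PHP_EOL;
```

Encoding at output also covers comments that were stored before any input-side cleanup existed, which is why both layers are shown.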

Exploit-DB raw data:

# Exploit Title: WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)
# Date: 2021-05-10
# Exploit Author: Bastijn Ouwendijk
# Vendor Homepage: https://reservationdiary.eu/
# Software Link: https://wordpress.org/plugins/redi-restaurant-reservation/
# Version: 21.0307 and earlier
# Tested on: Windows 10
# CVE : CVE-2021-24299
# Proof: https://bastijnouwendijk.com/cve-2021-24299/

Steps to exploit this vulnerability:

1. Go to the page where [redirestaurant] is embedded to make a restaurant reservation by filling in the requested information
2. In the 'Comment' field of the restaurant reservation form put the payload: `<script>alert("XSS")</script>`
3. Submit the form
4. While being logged into WordPress as administrator go to ReDi Reservations > Upcoming (Tablet PC)
5. Click on 'View upcoming reservations'
6. Select for 'Show reservations for': 'This week'
7. The reservations are loaded and two alerts are shown with text 'XSS'