XSS Vulnerability Found on Gadgetry WordPress Theme

0
111

Hello everyone, Today I’m showing PHP source code analysis with RIPS.

RIPS is easy to use with simple user interface. In my computer, it has been already setup wordpress website with Gadgetry Theme for my previous project and I start to test this theme with RIPS.

We need to add the path of PHP files. I’m using Linux and my path is

/var/www/html/wordpress/

It’s scanning for a minute and show the results.

It found Cross-Site-Scripting(XSS) vulnerability and show the result like this.

But we don’t need to trust scanners because most scanners give us false positive results.
So I need to check it manually.
The vulnerable php file is all_shortcodes.php and browse that page.

It shows no result for normal browsing. Ok, let’s try with XSS payload.
The scanning result shows the method is POST right?
So let’s browse the page with POST method with XSS Payload.
The parameter is post_id and
The payload is “><svg/ onload=prompt(1)>

Got it 😀
To confirm the vulnerability, I tested another websites which used Gadgetry themes by finding google dork.

inurl:/wp-content/themes/gadgetry-parent/framework

Proof of Concept

LEAVE A REPLY

Please enter your comment!
Please enter your name here