bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/49903.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

19 lines
No EOL
982 B
Text
Raw Blame History

# Exploit Title: WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)
# Date: 2021-05-10
# Exploit Author: Bastijn Ouwendijk
# Vendor Homepage: https://reservationdiary.eu/
# Software Link: https://wordpress.org/plugins/redi-restaurant-reservation/
# Version: 21.0307 and earlier
# Tested on: Windows 10
# CVE : CVE-2021-24299
# Proof: https://bastijnouwendijk.com/cve-2021-24299/
Steps to exploit this vulnerability:
1. Go to the page where [redirestaurant] is embed to make a restaurant reservation by filling in the requested information
2. In the 'Comment' field of the restaurant reservation form put the payload: `<script>alert("XSS")</script>`
3. Submit the form
4. While being logged into WordPress as administrator go to ReDi Reservations > Upcoming (Tablet PC)
5. Click on 'View upcoming reservations'
6. Select for 'Show reservations for': 'This week'
7. The reservations are loaded and two alerts are shown with text 'XSS'
Reference in a new issue View git blame Copy permalink