WordPress 5.0.3 Stored Cross-Site Scripting Vulnerability

Yazılarımı sol kısımda bulunan sosyal medya butonlarına basarak paylaşabilirsiniz.
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Proof of Concept

To exploit vulnerability, Allows it to run a Stored Cross-Site Scripting by saving a new title or rename

HTTP Request:

 

What is Stored XSS:

Stored Cross-site Scripting (XSS) occur when an attacker injects browser executable code within a single HTTP response. The injected attack is stored within the application itself; it is non-persistent and only impacts users who open a maliciously crafted link or third-party web page. The attack string is included as part of the crafted URL or HTTP parameters, improperly processed by the application, and returned to the victim.

Proof of Concept Video

Screenshots

Source: https://github.com/rdincel1/WordPress-5.0.3-Stored-Cross-Site-Scripting-Vulnerability

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir