- # Exploit Title: WordPress Plugin Tagregator 0.6 - Stored XSS
- # Date: 05/05/2018
- # Exploit Author: ManhNho
- # Vendor Homepage: https://wordpress.org/plugins/tagregator/
- # Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip
- # Version: 0.6
- # Tested on: CentOS 6.5
- # CVE : CVE-2018-10752
- # Category : Webapps
- 1. Description
- ===========
- WordPress Plugin Tagregator 0.6 - Stored XSS
- 2. Proof of Concept
- ===========
- #1. Log in to the admin panel
- #2. Open the WordPress Tagregator settings, then choose Tweets/Instagram Media/Flickr Post/Google+ Activities and click the "Add New" button
- #3. In the title field, inject an XSS pattern such as:
- <script>alert('ManhNho')</script> and click the Preview button
- #4. The site responds with a URL that shows an alert popup named ManhNho
- #5. Send this XSS URL to other administrators; they get the same alert
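
The flaw class described above, a title stored and later rendered without encoding, shown beside its hardened form. This is an added illustration, not Tagregator's code and not part of the original advisory; the function names and the `item-title` markup are hypothetical, and plain PHP functions stand in for the WordPress helpers named in the comments.

```php
<?php
// Added illustration; NOT Tagregator's code. All function names are hypothetical.

// Constructed sample input: the title value from step #3 of the PoC.
$stored_title = "<script>alert('ManhNho')</script>";

// Vulnerable pattern: the stored title is concatenated into the page as-is,
// so the browser parses it as markup and runs the script.
function render_title_unsafe(string $title): string {
    return '<h2 class="item-title">' . $title . '</h2>';
}

// Hardened pattern: encode on output so the title is displayed as text.
// Inside WordPress, esc_html() does this job at the echo site.
function render_title_safe(string $title): string {
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2 class="item-title">' . $encoded . '</h2>';
}

// Defence in depth: drop tags before the value is stored.
// Inside WordPress, sanitize_text_field() is the usual choice on save.
function clean_title_on_save(string $title): string {
    return trim(strip_tags($title));
}

// True when a raw <script tag is present in the rendered HTML.
function has_raw_script_tag(string $html): bool {
    return stripos($html, '<script') !== false;
}

$unsafe  = render_title_unsafe($stored_title);
$safe    = render_title_safe($stored_title);
$cleaned = clean_title_on_save($stored_title);

printf("unsafe output has raw <script>: %s\n", var_export(has_raw_script_tag($unsafe), true));
printf("safe output has raw <script>:   %s\n", var_export(has_raw_script_tag($safe), true));
echo "safe output: " . $safe . "\n";
echo "value kept after cleaning on save: " . $cleaned . "\n";
```

Output encoding is the fix that matters here, because it also covers titles that were stored before any save-time cleaning was introduced.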