API tools faq
paste
Advertisement
ManhNho

CVE-2018-10752

ManhNho
May 4th, 2018
5,603
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.84 KB | None | 0 0
raw download clone embed print report
  1. # Exploit Title: WordPress Plugin Tagregator 0.6 - Stored XSS
  2. # Date: 05/05/2018
  3. # Exploit Author: ManhNho
  4. # Vendor Homepage: https://wordpress.org/plugins/tagregator/
  5. # Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip
  6. # Version: 0.6
  7. # Tested on: CentOS 6.5
  8. # CVE : CVE-2018-10752
  9. # Category : Webapps
  10.  
  11. 1. Description
  12. ===========
  13. WordPress Plugin Tagregator 0.6 - Stored XSS
  14.  
  15. 2. Proof of Concept
  16. ===========
  17.  
  18. #1. Login to admin panel
  19. #2. Access to Wordpress Tagregator setting, then choose Tweets/Instagram Media/Flickr Post/Google+ Activities and click "Add New" button
  20. #3. In title field, inject XSS pattern such as:
  21. <script>alert('ManhNho')</script> and click Preview button
  22. #4. This site will response url that will alert popup named ManhNho
  23. #5. Send this xss url to another administrators, we have same alert
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!