WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting


News.nextcloud.asia

The Motopress Hotel Booking Lite plugin version 4.4.2 suffers from a persistent cross site scripting vulnerability.

SHA-256 | 3ed48165602f4bd9548ae2c2a60d166d4e4c761edf4ac75c034e6792d95ba5bb

# Exploit Title: WordPress Plugin Motopress Hotel Booking Lite 4.4.2 - Stored Cross-Site Scripting (XSS)
# Date: 2022-09-28
# Exploit Author: Ali Alipour
# Vendor Homepage: https://motopress.com/
# Software Link: https://wordpress.org/plugins/motopress-hotel-booking-lite/
# Version: 4.4.2
# Tested on: Windows 10 Pro x64 - XAMPP Server
# CVE : N/A

PoC:

1. Install the latest WordPress.

2. Install and activate the latest Motopress Hotel Booking Lite (4.4.2).

3. Navigate to Accommodation >> Services.

4. Click the "Add New" button and enter the JavaScript payload in the Title field: ( "><script>alert("XSS")</script> )

5. Click the Publish button.

6. Visit http://localhost/wp/services/

7. The XSS payload executes.
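Added example (not part of the advisory and not the plugin's code): it shows why the title from step 4 creates script elements when written into a page unescaped, what output encoding changes, and a check for auditing titles that are already stored. The `TEMPLATE` markup and all function names are assumptions for illustration; the plugin's real template is not shown on this page.

```python
import html
from html.parser import HTMLParser

# Payload string taken from step 4 of the PoC above.
POC_TITLE = '"><script>alert("XSS")</script>'

# Hypothetical listing markup (assumption, not the plugin's template):
# the stored title lands in an attribute value and in element text.
TEMPLATE = '<a class="service" title="{t}" href="/services/1/">{t}</a>'


def render_unescaped(title):
    """The 'before': the stored title is interpolated as-is."""
    return TEMPLATE.format(t=title)


def render_escaped(title):
    """The fix: encode &, <, > and both quote characters at output time."""
    return TEMPLATE.format(t=html.escape(title, quote=True))


class _Collector(HTMLParser):
    """Records the elements and text an HTML parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def parse(fragment):
    """Return (element names, concatenated text) for an HTML fragment."""
    c = _Collector()
    c.feed(fragment)
    c.close()
    return c.tags, "".join(c.text)


def title_needs_review(title):
    """Audit check: a plain-text title must not parse to any element."""
    return bool(parse(title)[0])
```

In WordPress templates the same output encoding is done with `esc_attr()` for attribute values and `esc_html()` for element text.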
