Vulnerability Discovered: 2019-09-04 | Type: webapps | Platform: php
This exploit / vulnerability, WordPress plugin Download Manager 2.9.93 cross-site scripting, is for educational purposes only, and if it is used you do so at your own risk!
In the pro features of the WordPress Download Manager plugin there is a Category Short-code feature which can be used to sort categories with an "order by" function, used as ?orderby=title,publish_date.
By appending "> to this parameter followed by any XSS payload, the payload is reflected into the page and executes.
To reproduce:
1. Go to the link where the ?orderby parameter can be found.
2. Append "> to the parameter and give a simple payload like <script>alert(1)</script>.
3. The payload will execute.
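The defect described above is a reflected value landing inside an HTML attribute without escaping or validation. The following is an added illustration of that pattern beside a hardened form; it is constructed for this write-up and is not the plugin's own code, and the allowed sort keys, function names and sample input are assumptions.

```php
<?php
// Added illustration, not the plugin's code: a reflected "orderby" value
// written into an HTML attribute, first unescaped, then validated and escaped.

// Vulnerable pattern: the request value is echoed straight into an attribute,
// so a value ending the quote and the tag breaks out of the attribute context.
function render_sort_link_vulnerable(string $orderby): string {
    return '<a href="?orderby=' . $orderby . '">Sort</a>';
}

// Hardened pattern: accept only known sort keys, then escape for the
// attribute context anyway. In a WordPress plugin esc_attr() plays the
// role that htmlspecialchars() plays here. The key list is an assumption
// based on the values the write-up mentions.
const ALLOWED_ORDERBY = ['title', 'publish_date'];

function sanitize_orderby(string $raw): string {
    // The parameter is a comma-separated list; keep only whitelisted keys.
    $keys = array_filter(array_map('trim', explode(',', $raw)));
    $keys = array_values(array_intersect($keys, ALLOWED_ORDERBY));
    return $keys ? implode(',', $keys) : 'title'; // safe default when nothing valid remains
}

function render_sort_link_hardened(string $orderby): string {
    $safe = sanitize_orderby($orderby);
    return '<a href="?orderby=' . htmlspecialchars($safe, ENT_QUOTES, 'UTF-8') . '">Sort</a>';
}

// Constructed demonstration input: a harmless attribute break-out.
$input = 'title"><b>x</b>';
echo render_sort_link_vulnerable($input), "\n"; // the <b> element escapes the attribute
echo render_sort_link_hardened($input), "\n";   // the unknown key is dropped, default applied
```

The whitelist is what actually closes the hole; the escaping is defence in depth for any value that still reaches the attribute.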