Exploits / Vulnerability Discovered : 2018-08-20 |
Type : webapps |
Platform : php
This exploit / vulnerability Wordpress plugin tagregator 0.6 crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
1. Login to admin panel
2. Access to Wordpress Tagregator setting, then choose Tweets/Instagram
Media/Flickr Post/Google+ Activities and click "Add New" button
3. In title field, inject XSS pattern such as:
<script>alert('xss')</script> and click Preview button
4. This site will response url that will alert popup named xss
5. Send this xss url to another administrators, we have same alert