Exploits / Vulnerability Discovered : 2019-09-25
Type : webapps
Platform : php
This exploit / vulnerability, WP Server Log Viewer 1.0 logfile persistent cross-site scripting, is for educational purposes only; if you use it, you do so at your own risk!
====================================[Description]====================================
This plugin allows you to add log files via wp-admin. The problem is that the file paths are stored unfiltered and unescaped, which makes a persistent XSS attack possible.
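
The fix the description points to is to validate the path when it is saved and to escape it when it is rendered. The sketch below is an added example in plain PHP, not the plugin's own code; the function names `slv_validate_log_path` and `slv_render_log_row`, the allowlisted directory and the sample inputs are assumptions made for illustration. Inside WordPress, `esc_html()` and `esc_attr()` would take the place of `htmlspecialchars()`.

```php
<?php
// Added example: plain PHP, no WordPress required. Function names are hypothetical.

// Validate a submitted log path before it is stored.
// Returns the canonical path, or null if the input is rejected.
function slv_validate_log_path(string $input, array $allowedDirs): ?string
{
    $path = trim($input);
    // Reject markup and control characters outright; log paths do not need them.
    if ($path === '' || preg_match('/[<>"\'&\x00-\x1f]/', $path)) {
        return null;
    }
    // Resolve symlinks and ../ so the allowlist check sees the real location.
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        return null;
    }
    foreach ($allowedDirs as $dir) {
        $base = realpath($dir);
        if ($base !== false && strpos($real, rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
            return $real;
        }
    }
    return null;
}

// Escape at output time as well, so values stored before the fix are rendered inert.
function slv_render_log_row(string $storedPath): string
{
    $safe = htmlspecialchars($storedPath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<li class="log-file" title="' . $safe . '">' . $safe . '</li>';
}

// Constructed sample input: a temporary log file and a path carrying benign markup.
$dir = sys_get_temp_dir();
$log = tempnam($dir, 'slv');
$samples = [$log, $dir . '/<b>not-a-path</b>.log', '/etc/passwd'];
foreach ($samples as $s) {
    $ok = slv_validate_log_path($s, [$dir]);
    echo ($ok === null ? 'rejected' : 'accepted'), ': ', slv_render_log_row($s), PHP_EOL;
}
unlink($log);
```

Only the temporary file is accepted; the other two samples are rejected on save, and all three are printed with their metacharacters encoded, which is what protects entries stored before validation was introduced.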
====================================[Proof of Concept]====================================
Add a new log file to the plugin.
Paste this exploit into the form and submit it.