dEEpEst Posted March 1, 2018

Well, sir, I just found a stored XSS bug here. The report link to the wordpress-form is missing, because the manager does not wish to put the public in danger, so I'll just write some details here.

When I log in to the WordPress panel, assume I have a low-privilege role like an editor user.

[hidden content]

Because the admin user has turned on the option of the WP plugin add-link-to-facebook, a normal user like me can also use it. I can write something in the profile page. By the way, I'm the user "test" now.

At the profile page:

[hidden content]

But when I pentested the parameter in this plugin, I found that when I write something into this point, it does not filter well.

Weak post parameter:

[hidden content]