Forum Thread: How to Precede an Xss Attack in Advanced Mode

hello dear masters i am trying to get myself into xxs . dos and ddos attacks, and yesterday i made a penetration test on my wordpress using burpsuite and it reported me that my wordpress has a cross site scripting vulnerability.

I'm using wordpress plugin yop poll to collect some opinions from my visitors about the website,, and when do I do the scan, it is there where the program finds the vulnerability of my site

parameters: http://mywebsite.com/admin-ajax.php?action=yop_poll_load_js&id=10&location=widget&unique_id=4

The scan reports that the parameter uniqueid is vulnerable to xss attacks. i tried the traditional test like http://mywebsite.com/admin-ajax.php?action=yop_poll_load_js&id=10&location=widget&unique_id=<srcipt>alert("testing");</script> and it showed me some js files where the testing word was placed in some parts of the script., i´ve googled for the exploit and i foud that it is an vulnerabilitiy in yop poll 5.7.3 that im using now, can someone give me some examples on how it can be exploit by a hacker on mywebsite.

2 Responses

i google too, and on ma website it was not working but i found out that one of my publisher updated the plugin to 5.7.4 so i guess the same bug is present in this version just in another item, thank u anyway for the reply.. im going to figure out by the link u sent me

Share Your Thoughts

  • Hot
  • Active