hello dear masters i am trying to get myself into xxs . dos and ddos attacks, and yesterday i made a penetration test on my wordpress using burpsuite and it reported me that my wordpress has a cross site scripting vulnerability.
I'm using wordpress plugin yop poll to collect some opinions from my visitors about the website,, and when do I do the scan, it is there where the program finds the vulnerability of my site
parameters: http://mywebsite.com/admin-ajax.php?action=yop_poll_load_js&id=10&location=widget&unique_id=4
The scan reports that the parameter uniqueid is vulnerable to xss attacks. i tried the traditional test like http://mywebsite.com/admin-ajax.php?action=yop_poll_load_js&id=10&location=widget&unique_id=<srcipt>alert("testing");</script> and it showed me some js files where the testing word was placed in some parts of the script., i´ve googled for the exploit and i foud that it is an vulnerabilitiy in yop poll 5.7.3 that im using now, can someone give me some examples on how it can be exploit by a hacker on mywebsite.
2 Responses
Simply using google I find the attack is base64 encoded. try JzthbGVydCgxKTsn
Also have a look at this for future reference. https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#fromCharCode
i google too, and on ma website it was not working but i found out that one of my publisher updated the plugin to 5.7.4 so i guess the same bug is present in this version just in another item, thank u anyway for the reply.. im going to figure out by the link u sent me
Share Your Thoughts