Jump to content

Hello visitors, welcome to the Hacker World Forum!

Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

TheHackerWorld Official

WordPress 插件管理栏和仪表板访问控制版本:1.2.8 - “仪表板重定向”字段存储跨站点脚本 (XSS)

404 Not Found
404 Not Found
in CHT Vulnerability database

Featured Replies

Posted 

JavaScript:

# Exploit Title:  WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field  Stored Cross-Site Scripting (XSS)
# Google Dork: NA
# Date: 28/10/2023
# Exploit Author: Rachit Arora
# Vendor Homepage:
# Software Link:  https://wordpress.org/plugins/admin-bar-dashboard-control/
# Version: 1.2.8
# Category: Web Application
# Tested on: Windows
# CVE : 2023-47184


1. Install WordPress (latest)

2. Install and activate Admin Bar & Dashboard Access Control.

3. Navigate to "Admin Bar & Dash"  >> Under Dashboard Access and in the "Dashboard Redirect" enter the payload into the input field.

"onfocusin=alert``+autofocus>
"onfocusin=alert`document.domain`+autofocus>

4. You will observe that the payload successfully got stored  and when you are triggering the same functionality in that time JavaScript payload is executing successfully and we are getting a pop-up.

 

Create an account or sign in to comment

Go to topic listing

Recently Browsing 0

  • No registered users viewing this page.