Home / os / winme

Levo Slideshow 2.3 Stored XSS Wordpress Plugin *youtube

Posted on 30 November -0001

<HTML><HEAD><TITLE>Levo Slideshow 2.3 Stored XSS Wordpress Plugin *youtube</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>Hello, I am Aaditya Purani, and i found a Stored XSS in Levo Slideshow 2.3 Version, by this you can enter malicious payload in Image Title and execute. Proof of Concept 1) Go to Levo Slideshow -> Manage Images 2) Add an Image, in Image Title Input, enter the Payload as follow t" onmouseover=alert(document.domain); a=' 3) Save it and Reload the Page and Game over. :) Video POC: https://www.youtube.com/watch?v=ESlZGPhqFnE Follow: https://twitter.com/aaditya_purani https://aadityapurani.com</BODY></HTML>

 

TOP