WordPress 2.8.3 XSS?
When I was uploading a new theme, I was asked to enter FTP data,
so if you put XSS code in the username field + a valid host + an invalid password,
the JavaScript code will execute. This is the URL:
https://host.com/wp-admin/update.php?action=upload-theme&package=lala.zip&_wpnonce=1aaaaa1a1a
But I think “_wpnonce” is a type of ID of the admin, so the XSS can't be exploited without the value of _wpnonce?
Regards, and sorry, Google is not a good teacher of English XD
- The topic ‘WordPress 2.8.3 XSS?’ is closed to new replies.