Friday, December 18, 2015 around 3 AM midnight. I was about to write a blog post for my Year in Review 2015 and because of that, I found a Local File XSS Vulnerability. I called this as "Local File XSS" because the XSS came from the localhost.
3 AM of December 18, 2015 while writing a blog post, I found a HTML file in my desktop. I opened the file on sublime and found out that it was encoded with XSS Payload then opened it on my browser. I accidentally drag the broken images cause by XSS payload to the Wordpress editor box and luckily found a Cross Site Scripting.
Proof of Concept
|Local File XSS Vulnerability in Wordpress.com|
Reported: 2015-12-17 05:19:12 +0800
I hope you enjoy this article.
Evan - [email protected]
Please don't forget to leave a comment or share this article.
Have patience. All things are difficult before they become easy.