Thursday, December 24, 2015

Local File XSS Vulnerability in Wordpress.com (Write Up)


On Friday, December 18, 2015, around 3 AM, I was about to write a blog post for my Year in Review 2015, and because of that, I found a Local File XSS vulnerability. I called this "Local File XSS" because the XSS came from the localhost.

At 3 AM on December 18, 2015, while writing a blog post, I found an HTML file on my desktop. I opened the file in Sublime and found out that it was encoded with an XSS payload, then opened it in my browser. I accidentally dragged the broken images caused by the XSS payload into the WordPress editor box and luckily found a cross-site scripting vulnerability.



Proof of Concept

Local File XSS Vulnerability in Wordpress.com



--Timeline--

Reported: 2015-12-17 05:19:12 +0800

Status: Duplicate



I hope you enjoy this article.



Happy Holidays,

Evan - [email protected]

Please don't forget to leave a comment or share this article.




Have patience. All things are difficult before they become easy.


~Saadi

1 comment:

  1. Nice one, sir Evan, that's the same kind of bug I found in Google Docs :)
