Back to directory

WRITEUP #2464

WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE Security

SQL InjectionXSSAccount takeover

by@MrTuxracer(Julien Ahrens)

Bounty

30,000

Program

WordPress

Published

Jul 22, 2022

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/

▸ RELATED WRITEUPS

Self-XSS to ATO via Site Features

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Directory Traversal, SQL Injection and Server-Side Request Forgery

SQL InjectionPath traversal

How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

XSSReflected XSS

Built with ❤️ by Shubham Rawat