Back to directory
WRITEUP #5146

H1-4420: From Quiz to Admin - Chaining Two 0-Days to Compromise An Uber Wordpress

XSSStored XSSSQL injection
by@MrTuxracer(Julien Ahrens)
Program
Uber
Published
Sep 10, 2019
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://www.rcesecurity.com/2019/09/H1-4420-From-Quiz-to-Admin-Chaining-Two-0-Days-to-Compromise-an-Uber-Wordpress/
RELATED WRITEUPS
Stored XSS in LibreOffice
XSSStored XSS
Persistent XSS on Microsoft Bing.com by poisoning Bingbot indexing
XSSStored XSS
Canary Token OSS Security Audit Report (Q2 2024)
XSSDoS
Type confusion attacks in ProseMirror editors
XSSType confusion
Directory Traversal, SQL Injection and Server-Side Request Forgery
SQL InjectionPath traversal

Built with ❤️ by Shubham Rawat