Tag: xss

Exploiting XSS with filter bypass using HTML encoding and eval+atob to perform CSRF and exfiltrate sensitive administrator information in a CTF.

Step-by-step explanation and PoC of the chain of vulnerabilities in WordPress 5.1 (patched in 5.1.1): CSRF in comments → Stored XSS via wp_kses bypass → RCE by editing plugin as administrator. Requires victim interaction (visiting malicious page).

Complete guide to XSS vulnerabilities: types (Reflected, Stored, DOM-Based), filter bypass techniques, and payloads to evade validations and WAFs.