uasoft-indonesia--badaso
Detection and Exploitation:
- Log in to the dashboard with an account that has the Editor role.
- Go to category => add new category or edit category.
- Inject the payload "' test <img src="" onerror="alert()"> into the title and submit.
- Log in to the dashboard with the admin account and open new post, edit post, new Category or Category edit; the malicious script then executes.
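
The steps above work because the stored category title reaches the admin's page as markup instead of text. The following is an added example, not badaso's own code: it renders the reported title through a hypothetical option-list helper with and without output encoding. The function names, the `<option>` markup and the sample record are assumptions made for illustration.

```javascript
// Characters that can end a text node or a quoted attribute value in HTML.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the title for use in HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe (hypothetical): the stored title is concatenated into markup as-is.
function renderOptionUnsafe(category) {
  return `<option value="${category.id}" title="${category.title}">${category.title}</option>`;
}

// Hardened: same markup, title encoded for both the attribute and the text node.
function renderOptionSafe(category) {
  const title = escapeHtml(category.title);
  return `<option value="${Number(category.id)}" title="${title}">${title}</option>`;
}

// Regression check: true when the markup opens any element other than <option>.
function containsInjectedTag(markup) {
  const tags = markup.match(/<\s*([a-zA-Z][\w-]*)/g) || [];
  return tags.some((t) => !/^<\s*option$/i.test(t));
}

// Constructed sample record carrying the title from the report.
const stored = { id: 7, title: `"' test <img src="" onerror="alert()">` };

console.log(containsInjectedTag(renderOptionUnsafe(stored))); // title parsed as markup
console.log(containsInjectedTag(renderOptionSafe(stored)));   // title stays text
console.log(renderOptionSafe(stored));
```

The encoding has to be applied wherever the title is rendered (post forms and category forms alike), since the report shows the same stored value executing on several admin pages.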