writeups.xyz / H1-4420: From Quiz to Admin - Chaining Two 0-Days to Compromise An Uber Wordpress

Submitter : c2a

Date: 10 September 2019

Bounty : undisclosed

Vulnerabilities :

• Stored XSS
• SQL Injection

Programs :

• Uber

Authors :

• Julien Ahrens (@MrTuxracer)

Link :
https://www.rcesecurity.com/2019/09/H1-4420-From-Quiz-to-Admin-Chaining-Two-0-Days-to-Compromise-an-Uber-Wordpress/