I was trying to test my WordPress website's security, and right now I am baffled. In a form, I entered <script>alert('XSS Expoit worked');</script> in the input. After submitting the form, a pop-up box appeared on the next page. This means my form is not yet secured. But that's not the problem.

Let me explain first: the submission of that XSS script will be updated in the user by update_user_meta() and should be available in the usermeta table in the database.

    if(isset($_POST['submit_userinfo'])) {
        global $current_user;
        get_currentuserinfo();
        $user_id = $current_user->ID;
        // Reject the request if the form nonce is missing or invalid
        if(!wp_verify_nonce($_POST['peoplesweep_user_form'],'peoplesweep_form_submit')){
            wp_die('Our Site is protected!!');
        }
        else{
            // Raw input is stored as submitted, with no sanitization
            $nric = $_POST['nric'];
            update_user_meta( $user_id, 'nric', $nric );
            wp_redirect(get_permalink('next_page')); // next page after submission success
            exit; // stop execution so the redirect takes effect
        }
    }

The problem here is, I did not find the script in the table, and every time I log out and log in, then skip to the next_page, the script still pops up. I need to know where it was stored so that I can delete it.

Any ideas where the script is stored? And/or how am I going to review any changes in the database?

Did you try checking the wp_usermeta table? You can refer to this link to get a really helpful and detailed description of WordPress database structure.
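
A hardened version of the handler from the question, with output escaping and a way to review and remove values already stored under the nric key, as an added example that is not part of the question or the answer. The ps_example_* function names, the template_redirect hook and the redirect target are assumptions; the WordPress functions called are core APIs.

```php
<?php
// Added example; runs inside WordPress (for instance from a plugin file).
// Function names prefixed ps_example_ are hypothetical.

// 1. Form handler: same flow as the question, but the input is sanitized.
function ps_example_save_nric() {
    if ( ! isset( $_POST['submit_userinfo'] ) || ! is_user_logged_in() ) {
        return;
    }
    $nonce = isset( $_POST['peoplesweep_user_form'] )
        ? sanitize_text_field( wp_unslash( $_POST['peoplesweep_user_form'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'peoplesweep_form_submit' ) ) {
        wp_die( 'Our Site is protected!!' );
    }
    // sanitize_text_field() strips tags, so <script> never reaches the meta table.
    $nric = isset( $_POST['nric'] )
        ? sanitize_text_field( wp_unslash( $_POST['nric'] ) ) : '';
    update_user_meta( get_current_user_id(), 'nric', $nric );
    wp_safe_redirect( home_url( '/next-page/' ) ); // constructed placeholder target
    exit;
}
add_action( 'template_redirect', 'ps_example_save_nric' );

// 2. Output: escape when printing, even if the stored value is already clean.
function ps_example_render_nric( $user_id ) {
    return esc_html( get_user_meta( $user_id, 'nric', true ) );
}

// 3. Review and clean-up: find users whose stored 'nric' still contains markup,
//    log what was stored, then delete it. Returns the affected user IDs.
function ps_example_purge_tainted_nric() {
    $ids = get_users( array(
        'meta_key'     => 'nric',
        'meta_value'   => '<',
        'meta_compare' => 'LIKE',
        'fields'       => 'ID',
    ) );
    foreach ( $ids as $id ) {
        error_log( 'tainted nric for user ' . $id . ': ' . get_user_meta( $id, 'nric', true ) );
        delete_user_meta( $id, 'nric' );
    }
    return $ids;
}
```

Escaping in step 2 is what stops the pop-up on the page that prints the value; sanitizing in step 1 only keeps new markup out of storage.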