bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/webapps/49040.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

20 lines
No EOL
788 B
Text
Raw Permalink Blame History

#Exploit Title: Touchbase.io 1.10 - Stored Cross Site Scripting
#Date: 2020-11-11
#Exploit Author: Simran Sankhala
#Vendor Homepage: https://touchbase.ai/
#Software Link: https://touchbase.ai/
#Version: 1.1.0
#Tested on: Windows 10
#Proof Of Concept:
touchbase.ai application allows stored XSS, via the 'Add User' module,
that is rendered upon 'Contacts' page visit.
To exploit this vulnerability:
Steps to Reproduce:
1. Login to the application, goto 'Contacts' module and add the user
2. Inject the payload = <marquee onstart=alert(document.cookie)> in the
'Name' field
3. Fill the other details, and save the details.
4. Go to the 'Contacts' module again, and we can see that our entered
XSS Script is executed in the name field and the pop-up appears with the
session cookie details.
Reference in a new issue View git blame Copy permalink