
6 changes to exploits/shellcodes/ghdb

Gitea 1.24.0 - HTML Injection
Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
Loaded Commerce 6.6 - Client-Side Template Injection(CSTI)
TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
VeeVPN 1.6.1 - Unquoted Service Path
Exploit Title: TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
Date: 10th, March, 2025
Exploit Author: ABABANK REDTEAM
Vendor Homepage: https://compassplustechnologies.com/
Version: 3.2.41.10.26
Tested on: Windows Server 2016

1. Log in to the web application.
2. Click on `Entire System`, go to `Monitoring`, then click on `Terminals Monitoring`.
3. Select any name below `Terminals Monitoring`, then click on `Open Object in Tree`.
4. Select Filter, supply any filter name, then click `Apply Filter`.
5. On the right side, select `Save Settings in Explorer Tree`; in `Enter Explorer Item Title`, supply the payload <img src=x onerror=alert(document.domain)>, then click OK.

Payload: <img src=x onerror=alert(document.domain)>
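
Mitigation sketch for the stored title from step 5, added here as an example and not taken from TranzAxis or from the report author: it contrasts rendering a saved explorer item title by raw concatenation with rendering it through HTML output encoding, plus a save-time check. All function names, the `tree-item` class and the 100-character limit are assumptions made for illustration.

```javascript
// Added illustration; not TranzAxis code. All names below are hypothetical.

// Constructed sample: the title value supplied in step 5 of the report.
const storedTitle = '<img src=x onerror=alert(document.domain)>';

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can open a tag, an entity or an attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored title is concatenated into markup as-is,
// so the browser parses it as an element and runs its event handler.
function renderTreeItemUnsafe(title) {
  return '<li class="tree-item">' + title + '</li>';
}

// Hardened pattern: the title is encoded at output time, so it is shown as text.
function renderTreeItemSafe(title) {
  return '<li class="tree-item">' + escapeHtml(title) + '</li>';
}

// Defence in depth at save time (assumed policy): reject titles that contain
// markup delimiters or control characters, and cap the length.
function validateItemTitle(title) {
  if (typeof title !== 'string') return { ok: false, reason: 'not a string' };
  const trimmed = title.trim();
  if (trimmed.length === 0 || trimmed.length > 100) {
    return { ok: false, reason: 'length' };
  }
  if (/[<>\u0000-\u001f]/.test(trimmed)) {
    return { ok: false, reason: 'markup or control character' };
  }
  return { ok: true, value: trimmed };
}

console.log(renderTreeItemUnsafe(storedTitle));
console.log(renderTreeItemSafe(storedTitle));
console.log(validateItemTitle(storedTitle));
```

Output encoding is the control that closes the issue; the save-time check only narrows what reaches storage and does not replace encoding wherever the title is rendered.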