bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/49268.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

29 lines
No EOL
1.3 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: Seotoaster 3.2.0 - Stored XSS on Edit page properties
# Exploit Author: Hardik Solanki
# Vendor Homepage: https://www.seotoaster.com/
# Software Link: https://crm-marketing-automation-platforms.seotoaster.com/
# Version: 3.2.0
# Tested on Windows 10
XSS ATTACK:
Cross-site Scripting (XSS) is a client-side code injection attack. The
attacker aims to execute malicious scripts in a web browser of the victim
by including malicious code in a legitimate web page or web application.
The actual attack occurs when the victim visits the web page or web
application that executes the malicious code. The web page or web
application becomes a vehicle to deliver the malicious script to the users
browser. Vulnerable vehicles that are commonly used for Cross-site
Scripting attacks are forums, message boards, and web pages that allow
comments.
XSS IMPACT:
1: Steal the cookie
2: User redirection to a malicious website
Vulnerable Parameters: Edit page properties
Steps to reproduce:
1: Navigate to "https://localhost/" and log in with valid credentials.
2: Then navigates/click on "Edit page properties".
3: Add the payload "*"><script>alert(document.cookie)</script>*", on "Page header H1 tag" field and click on "Save Page" button. Page Saved succesfully.
4: Hence XSS will get stored and trigger on the main home/main page.
Reference in a new issue View git blame Copy permalink