
7 changes to exploits/shellcodes

Zyxel USG FLEX 5.21 - OS Command Injection
Telesquare SDT-CW3B1 1.1.0 - OS Command Injection
Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 - Remote Code Execution (RCE)
SolarView Compact 6.00 - Directory Traversal
Contao 4.13.2 - Cross-Site Scripting (XSS)
Microweber CMS 1.2.15 - Account Takeover
# Exploit Title: Academy-LMS 4.3 - Stored XSS
# Date: 19/12/2020
# Vendor page: https://academy-lms.com/
# Version: 4.3
# Tested on Win10 and Google Chrome
# Exploit Author: Vinicius Alves

# XSS Payload: </script><svg onload=alert();>

1) Access LMS and log in to admin panel
2) Access courses page
3) Open course manager and SEO menu
4) Paste the XSS Payload tag and Submit
5) Access the course page on frontend
6) Triggered!
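
Added example, not part of the original advisory and not Academy LMS code: the naive way of embedding a stored field in a page beside context-aware output encoding, run over the payload string quoted above. Assumptions: the advisory does not say where the SEO field is rendered, and the payload's leading </script> suggests an inline script block, which is what the first two functions model; all function names are hypothetical.

```javascript
// Added example. Assumption: the stored SEO value is written into an inline
// <script> block on the course page (the advisory does not state this).

// Constructed sample input: the payload string quoted in the advisory.
const SAMPLE = '</script><svg onload=alert();>';

// Weak form: JSON.stringify quotes the value for JavaScript but leaves "<"
// untouched, so the HTML parser still sees "</script>" inside the string
// and closes the script element early.
function embedNaive(value) {
  return '<script>var seo = ' + JSON.stringify(value) + ';</script>';
}

// Hardened form: after JSON encoding, replace the characters that matter to
// the HTML parser (and the two JS line separators) with \uXXXX escapes. The
// result is still a valid string literal that decodes to the same value.
const ESCAPES = {
  '<': '\\u003c', '>': '\\u003e', '&': '\\u0026',
  '\u2028': '\\u2028', '\u2029': '\\u2029',
};

function toScriptSafeJson(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (c) => ESCAPES[c]);
}

function embedSafe(value) {
  return '<script>var seo = ' + toScriptSafeJson(value) + ';</script>';
}

// For HTML text or attribute contexts (for example a meta tag's content
// attribute), entity-encode instead of JSON-encoding.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Counts the script end tags an HTML tokenizer would find in the markup.
function scriptEndTags(html) {
  return (html.match(/<\/script/gi) || []).length;
}

console.log('naive end tags:', scriptEndTags(embedNaive(SAMPLE)));
console.log('safe end tags: ', scriptEndTags(embedSafe(SAMPLE)));
console.log('html-escaped:  ', escapeHtml(SAMPLE));
```

The encoder has to match the output context: entity encoding alone does not protect a value placed inside a script block, and JSON escaping alone does not protect an attribute value.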