bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/34624.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

15 lines
No EOL
597 B
Text
Raw Blame History

# Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing!
# Discovered by: Provensec
# Website: http://www.provensec.com
# Author: Provensec Labs
# Type of vulnerability: XSS Stored
# Description:
1 Goto http://server add a new lead fill all the fields properly but Fill the email filed with xss payload as given in the screenshot
http://prntscr.com/4lf043
payload used "><img src=d onerror=confirm(/provensec/);>
2 click save and close button
http://prntscr.com/4lf0ej
Reference in a new issue View git blame Copy permalink