40ceb13974
3 changes to exploits/shellcodes/ghdb FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS) JUX Real Estate 3.4.0 - SQL Injection
18 lines
No EOL
472 B
Text
18 lines
No EOL
472 B
Text
# Exploit Title: FluxBB 1.5.11 Stored xss
|
|
# Date: 3/8/2025
|
|
# Exploit Author: Chokri Hammedi
|
|
# Vendor Homepage: www.fluxbb.org
|
|
# Software Link: https://www.softaculous.com/apps/forums/FluxBB
|
|
# Version: FluxBB 1.5.11
|
|
# Tested on: Windows XP
|
|
|
|
|
|
1. login to admin panel
|
|
2. go to /admin_forums.php
|
|
3. click on "add forum"
|
|
4. in description text area put this payload:
|
|
|
|
<iframe src=javascript:alert(1)>
|
|
|
|
5. save changes
|
|
now everytime users enter the home page will see the alert. |