[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] WBCE - Stored XSS

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] WBCE - Stored XSS
From: Andrey Stoykov <mwebsec@xxxxxxxxx>
Date: Fri, 14 Jul 2023 14:57:35 +0300

# Exploit Title: WBCE - Stored XSS
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 1.6.1
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com


Steps to Exploit:

1. Login to application
2. Browse to following URI "http://host/wbce/admin/pages/intro.php";
3. Paste XSS payload "TEST"><img src=x onerror=alert(1)>"
4. Then browse to settings "Settings->General Settings->Enable Intro
Page->Enabled"
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Prev by Date: Re: [FD] Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability
Next by Date: [FD] [RT-SA-2023-001] Session Token Enumeration in RWS WorldServer
Previous by thread: [FD] Asterisk Release 20.3.1
Next by thread: [FD] [RT-SA-2023-001] Session Token Enumeration in RWS WorldServer
Index(es):
- Date
- Thread