[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] WBCE - Stored XSS
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] WBCE - Stored XSS
- From: Andrey Stoykov <mwebsec@xxxxxxxxx>
- Date: Fri, 14 Jul 2023 14:57:35 +0300
# Exploit Title: WBCE - Stored XSS
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 1.6.1
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com
Steps to Exploit:
1. Login to application
2. Browse to following URI "http://host/wbce/admin/pages/intro.php"
3. Paste XSS payload "TEST"><img src=x onerror=alert(1)>"
4. Then browse to settings "Settings->General Settings->Enable Intro
Page->Enabled"
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/