- WBCE v1.6.1
Information 
- Input not validated
- Stored Cross-Site Scripting flaw
Exploit 
Steps to Exploit: 
1. Log in to the application
2. Browse to the following URI: "http://host/wbce/admin/pages/intro.php"
3. Paste the XSS payload "TEST"><img src=x onerror=alert(1)>
4. Then browse to Settings->General Settings->Enable Intro Page->Enabled
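
A check for stored intro page content, added here as an example (it is not part of the original advisory or of WBCE's code): it parses stored HTML and reports inline event handlers, script-bearing tags and javascript: URLs, using the string from step 3 as sample input. The class and function names and the tag and attribute lists are assumptions made for this example.

```python
import html
from html.parser import HTMLParser

# Constructed lists for this example (not taken from WBCE).
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Records markup that would run script when the stored page is rendered."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-tag", tag, ""))
        for name, value in attrs:
            # Drop whitespace/control characters before comparing, since
            # browsers strip tabs and newlines from URLs.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                # Inline event handlers (onerror, onload, ...) run script.
                self.findings.append(("event-handler", tag, name))
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append(("javascript-url", tag, name))


def find_active_content(stored_html):
    """Return a list of (kind, tag, attribute) findings for stored HTML."""
    finder = ActiveContentFinder()
    finder.feed(stored_html)
    finder.close()
    return finder.findings


# String from step 3 of the advisory, used here as sample input.
STEP3_PAYLOAD = '"TEST"><img src=x onerror=alert(1)>'

if __name__ == "__main__":
    print(find_active_content(STEP3_PAYLOAD))
    # The same string after output encoding contains no markup at all.
    print(find_active_content(html.escape(STEP3_PAYLOAD, quote=True)))
```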
 
 