Monday, 16 September 2024

Friday Fun Pentest Series - 10 - Stored XSS in "Menu Editor" - htmlyv2.9.9

Description

- It was found that the application suffers from stored XSS

- The vulnerability was found to be in the "Menu Editor" page

- Vulnerable parameters were "Name" and "Slug"


Stored XSS in "Menu Editor"

Steps to Reproduce:

  1. Login as admin or author
  2. Browse to "Menu Editor"
  3. In "Name" field add payload "><img src=x onerror=alert(1)>
  4. In "Slug" field add payload "><img src=x onerror=alert(1)>
  5. Click "Save Edit" > "Save Menu"


at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Friday Fun Pentest Series - 15 - OOB XXE - fronsetiav1.1

Description - The application is vulnerable to OOB XXE injection XXE  #1 - " show_operations.jsp " Steps to Reproduce: Add Python3...