Monday, 16 September 2024

Friday Fun Pentest Series - 11 - Stored XSS in "Edit Profile" - htmlyv2.9.9


Description

- It was found that the application suffers from stored XSS

- The vulnerability was found to be in the "Edit Profile" page

- Vulnerable parameter was "Content"


Stored XSS in "Edit Profile"

Steps to Reproduce:

  1. Login as author
  2. Browse to "Edit Profile"
  3. In "Content" field add payload "><img src=x onerror=alert(1)>
  4. Then refresh the "Edit Profile" page

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Friday Fun Pentest Series - 46 - Stored Cross-Site Scripting (XSS) via SVG File Upload - totaljsv5013

Description - It was noted that the applications file upload functionality was vulnerable to Stored Cross-Site Scripting (XSS) via an SVG im...