Wednesday, 30 April 2025

Friday Fun Pentest Series - 23 - Stored XSS - alegrocartv1.2.9

Description

- The application lacked output encoding and, as a result, was vulnerable to Stored XSS


Stored XSS #1:

Steps to Reproduce:

  1. Login as demonstrator account and visit "Customers" > "Newsletter"
  2. In "Message" use the following XSS payload

<iframe srcdoc="<img src=x onerror=alert(document.domain)>"></iframe>
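As an added example (not code from the original post or from AlegroCart), the snippet below contrasts the vulnerable rendering described above with two fixes: full entity encoding when the "Message" field is plain text, and an allowlist sanitizer when it is meant to carry rich text. The function names, the tag allowlist and the sample newsletter body are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlist for a newsletter body: basic formatting only.
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "a", "ul", "ol", "li"}
ALLOWED_ATTRS = {"a": {"href"}}
VOID_TAGS = {"br"}


class NewsletterSanitizer(HTMLParser):
    """Rebuilds the input, keeping only allowlisted tags and attributes.
    Unknown tags (iframe, img, script, ...) are dropped; text is entity-encoded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drop the tag itself; any inner text still goes through handle_data
        safe_attrs = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # removes onerror=, srcdoc=, style=, ...
            if name == "href" and not (value or "").lower().startswith(("http://", "https://", "mailto:")):
                continue  # rejects javascript: and data: URLs
            safe_attrs.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(safe_attrs)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=True))

    def result(self):
        return "".join(self.out)


def render_vulnerable(message):
    # The pattern behind the finding: stored input concatenated straight into the page.
    return f"<div class='newsletter'>{message}</div>"


def render_encoded(message):
    # Plain-text message: encode < > & " ' so the browser never sees markup.
    return f"<div class='newsletter'>{escape(message, quote=True)}</div>"


def render_sanitized(message):
    # Rich-text message: allowlist sanitizer instead of encoding.
    s = NewsletterSanitizer()
    s.feed(message)
    s.close()
    return f"<div class='newsletter'>{s.result()}</div>"
```

Run `render_encoded` and `render_sanitized` over the payload from step 2 to confirm that neither output contains an `<iframe` tag or an `onerror` attribute, while a harmless `<p>Hello <b>you</b></p>` survives the sanitizer intact.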
