You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I found a cross-site scripting attack on the new content creating page http://localhost:800/admin/new-content
it will execute the script in user context allowing the attacker to access any cookies or sessions tokens retained
by the browser.
Stored XSS, also known as persistent XSS, is the more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application.
Steps to reproduce the problem
login into the account
click on the new content like in that image
click on the images button
select the payload svg file which is injected with xss payload or ssrf payload
Describe your problem
I found a cross-site scripting attack on the new content creating page http://localhost:800/admin/new-content
it will execute the script in user context allowing the attacker to access any cookies or sessions tokens retained
by the browser.
Stored XSS, also known as persistent XSS, is the more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application.
Steps to reproduce the problem
login into the account
click on the new content like in that image
click on the images button
select the payload svg file which is injected with xss payload or ssrf payload
Here is the POC for Admin account Privilaged user creation
https://youtu.be/wVfpRsuOovM?si=ZBQaZgfUq3pG5mUX
And Here is the payload which is i used
Bludit version
V3.15.0
PHP version
HP 8.2.10 (cli) (built: Sep 5 2023 05:43:15) (NTS)
The text was updated successfully, but these errors were encountered: