प्रस्तुत करा #181789: Finounce 1.0 - Stored XSSमाहिती:

पदवी	Finounce 1.0 - Stored XSS
वर्णन	# Exploit Title: Finounce 1.0 - Stored XSS # Exploit Author: skalvin aka (CraCkEr) # Date: 12/07/2023 # Vendor: Bug Finder # Vendor Homepage: https://bugfinder.net/ # Software Link: https://bugfinder.net/product/finounce-an-advance-peer-to-peer-crypto-exchange-platform/20 # Tested on: Windows 10 Pro # Impact: Manipulate the content of the site ## Description Allow Attacker to inject malicious code into website, give ability to steal sensitive information, manipulate data, and launch additional attacks. Path: /finounce/user/ticket/create POST parameter 'message' is vulnerable to XSS ----------------------------------------------------------- POST /finounce/user/ticket/create HTTP/2 Content-Disposition: form-data; name="message" <script>alert(1)</script> ----------------------------------------------------------- ## Steps to Reproduce: 1. Login as (Normal User) 2. Go to [Support Ticket] on this Path: https://website/finounce/user/ticket 3. Click on [Create Ticket] on this Path: https://website/finounce/user/ticket/create 4. Enter Any Subject 5. Inject your XSS Payload in [Message Box] 6. Click on [Submit] 7. When ADMIN visit [SUPPORT TICKETS] on this Path: https://website/finounce/admin/tickets and Open the [New Pending Ticket] 8. XSS Will Fire and Executed on his Browser [-] Done
उपयोगकर्ता	skalvin (UID 49463)
आधीनता	12/07/2023 10:39 PM (3 वर्षानुवर्षे ago)
नेमस्तपणा	21/07/2023 10:40 PM (9 days later)
स्थान	मान्य केले
VulDB entry	235157 [Bug Finder Finounce 1.0 Ticket /user/ticket/create निरोप क्रॉस साइट स्क्रिप्टिंग]
मुद्दे	17

◂ मागील बाजूस सिंहावलोकन पुढील ▸

Might our Artificial Intelligence support you?

Check our Alexa App!