Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Seotoaster 3.2.0 - Stored XSS on Edit page properties

 Share


Recommended Posts

# Exploit Title: Seotoaster 3.2.0 - Stored XSS on Edit page properties
# Exploit Author: Hardik Solanki
# Vendor Homepage: https://www.seotoaster.com/
# Software Link: https://crm-marketing-automation-platforms.seotoaster.com/
# Version: 3.2.0
# Tested on Windows 10

XSS ATTACK:
Cross-site Scripting (XSS) is a client-side code injection attack. The
attacker aims to execute malicious scripts in a web browser of the victim
by including malicious code in a legitimate web page or web application.
The actual attack occurs when the victim visits the web page or web
application that executes the malicious code. The web page or web
application becomes a vehicle to deliver the malicious script to the user’s
browser. Vulnerable vehicles that are commonly used for Cross-site
Scripting attacks are forums, message boards, and web pages that allow
comments.

XSS IMPACT:
1: Steal the cookie
2: User redirection to a malicious website

Vulnerable Parameters: Edit page properties

Steps to reproduce:
1: Navigate to "https://localhost/" and log in with valid credentials.
2: Then navigates/click on "Edit page properties".
3: Add the payload "*"><script>alert(document.cookie)</script>*", on "Page header H1 tag" field and click on "Save Page" button. Page Saved succesfully.
4: Hence XSS will get stored and trigger on the main home/main page.
            
Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...