XSS4.md

uasoft-indonesia--badaso

Description: Badaso v2.9.7 was discovered to contain a stored Cross-Site Scripting (XSS) vulnerability.

Affected Component: All versions that are below Badaso v2.9.7

Steps to reproduce:

Detection and Exploitation:

  1. Log in to the dashboard with an account that has the Editor role.
  2. Go to Category => Add new category or Edit category.
  3. Inject the payload `"' test <img src="" onerror="alert()">` into the title field and submit.
  4. Log in to the dashboard with an admin account and open New post, Edit post, New Category or Edit Category; the malicious payload is then executed.

POC: (screenshots not reproduced in this text)
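The steps above describe the classic stored-XSS flow: a low-privilege Editor saves a category title containing markup, and the title is later rendered unescaped in an admin's browser. The following is an added example, not code from the Badaso project, showing the difference between concatenating the stored title into markup and HTML-encoding it first, plus a small audit routine that flags stored titles still carrying raw markup. The function names and the sample category rows are assumptions constructed for this illustration.

```javascript
// Added example (not Badaso's code): treat the category title as untrusted
// data and neutralise the reported payload by encoding it on output.

// The exact payload quoted in the report above.
const REPORTED_PAYLOAD = `"' test <img src="" onerror="alert()">`;

// Encode the five characters that change meaning in HTML text/attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Unsafe rendering: the stored title is pasted straight into the row markup,
// which is what lets the <img onerror> handler run in the admin's dashboard.
function renderCategoryRowUnsafe(title) {
  return `<td>${title}</td>`;
}

// Hardened rendering: same markup shape, but the title is encoded first, so
// the browser displays the payload as literal text instead of parsing it.
function renderCategoryRowSafe(title) {
  return `<td>${escapeHtml(title)}</td>`;
}

// Audit helper: return the ids of stored categories whose title still contains
// angle brackets or an inline event-handler attribute. Useful for checking the
// categories table after an Editor account is suspected of abuse.
function auditCategories(rows) {
  const suspicious = /[<>]|\bon\w+\s*=/i;
  return rows.filter((row) => suspicious.test(row.title)).map((row) => row.id);
}

// Constructed sample rows standing in for the categories table.
const SAMPLE_CATEGORIES = [
  { id: 1, title: "News" },
  { id: 2, title: "Tips & Tricks" },
  { id: 3, title: REPORTED_PAYLOAD },
];

function demo() {
  return {
    unsafe: renderCategoryRowUnsafe(REPORTED_PAYLOAD),
    safe: renderCategoryRowSafe(REPORTED_PAYLOAD),
    flaggedIds: auditCategories(SAMPLE_CATEGORIES),
  };
}
```

The encoded row is the behaviour a fix should produce for every place the dashboard renders category or post titles, regardless of which role saved the record.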