Exploits / Vulnerability Discovered: 2023-06-14
Type: webapps
Platform: php
This exploit / vulnerability (ProjectSend r1605 stored XSS) is for educational purposes only; if you use it, you do so at your own risk.
Exploit Title: projectSend r1605 - Stored XSS
Application: projectSend
Version: r1605
Bugs: Stored XSS
Technology: PHP
Vendor URL: https://www.projectsend.org/
Software Link: https://www.projectsend.org/
Date found: 11-06-2023
Author: Mirabbas Ağalarov
Tested on: Linux
1. Login as admin
2. Go to Custom Html/Css/Js (http://localhost/custom-assets.php)
3. Go to new JS (http://localhost/custom-assets-add.php?language=js)
4. Set the content to alert("xss"); and set it as public
5. Save
6. Go to http://localhost (after logging out)
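
For auditing an installation where this feature is reachable, the following added example (not part of the original advisory or of ProjectSend) scans web server access logs for requests that likely saved a custom JS asset through the page named in step 3. It assumes Combined Log Format and that the form is submitted as a POST to the same URL; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

ASSET_ADD_PATH = "/custom-assets-add.php"  # path taken from the advisory steps


def find_js_asset_writes(lines):
    """Return one dict per request that likely saved a custom JS asset.

    Assumption: the form at custom-assets-add.php?language=js is submitted
    as a POST to the same URL, and a 2xx/3xx status means it was accepted.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        # endswith() also matches installs served from a subdirectory
        if not url.path.lower().endswith(ASSET_ADD_PATH):
            continue
        language = parse_qs(url.query).get("language", [""])[0].lower()
        status = int(m["status"])
        if m["method"] == "POST" and language == "js" and 200 <= status < 400:
            findings.append({"ip": m["ip"], "time": m["time"], "status": status})
    return findings


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jun/2023:10:01:02 +0000] "GET /custom-assets.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Jun/2023:10:01:09 +0000] "GET /custom-assets-add.php?language=js HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Jun/2023:10:01:40 +0000] "POST /custom-assets-add.php?language=js HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [14/Jun/2023:10:05:00 +0000] "POST /custom-assets-add.php?language=css HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [14/Jun/2023:10:06:00 +0000] "POST /custom-assets-add.php?language=js HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_js_asset_writes(SAMPLE_LOG):
        print(f'{hit["time"]}  {hit["ip"]}  status={hit["status"]}  custom JS asset saved')
```

Each hit is a point in time to compare against the list of custom assets in the admin panel and against the expected administrator activity for that source address.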