Webigniter v28.7.23 stored cross site scripting (xss) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2024-02-21 |
Type : webapps |
Platform : php
This exploit / vulnerability Webigniter v28.7.23 stored cross site scripting (xss) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting (XSS)
# Exploit Author: Sagar Banwa
# Date: 19/10/2023
# Vendor: https://webigniter.net/
# Software: https://webigniter.net/demo
# Reference: https://portswigger.net/web-security/cross-site-scripting
# Tested on: Windows 10/Kali Linux
# CVE : CVE-2023-46391
Stored Cross-site scripting(XSS):
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.
Steps-To-Reproduce:
1. Login to the Account
2. Go to the Categories.
3. Now add catagory > Name section use payload : "><script>alert(1)</script> and choose layoutfile as cat.php