Lucene search

K
huntrJosefjku7152B340-C6F3-4AC8-9F62-F764A267488D
HistoryJan 23, 2023 - 9:56 p.m.

Stored XSS - allows stealing Admin and Users Cookies

2023-01-2321:56:09
josefjku
www.huntr.dev
11
stored xss
cross-site-scripting
vulnerability
javascript code
admin cookies
users cookies
exploitation steps
penetration test

EPSS

0.001

Percentile

23.5%

Dear Ladies and Gentlemen,

First of all thank you for your time and effort in reading my Report.

While doing the Penetration Test my Brother Ahmed Hassan ([email protected]) and I were able to identify a stored XSS Cross-Site-Scripting Vulnerability.

The Process of the Vulnerability:

Login
Go to https://roy.demo.phpmyfaq.de/admin/?action=instances
Type any kind of Javascript Code like <script>alert(‘1’)</script>
The Attacker can inject Javascript Code and steal Users and Admin Cookies to takeover their Account.

Through this, any Attacker can inject Javascript Code and use further Vulnerabilities to use other Exploitation Steps.

Finally, I want to thank you for your time and effort, and hope to hear from you soon.

Best regards
Josef Hassan & Ahmed Hassan

EPSS

0.001

Percentile

23.5%

Related for 7152B340-C6F3-4AC8-9F62-F764A267488D