Dear Ladies and Gentlemen,
First of all thank you for your time and effort in reading my Report.
While doing the Penetration Test my Brother Ahmed Hassan ([email protected]) and I were able to identify a stored XSS Cross-Site-Scripting Vulnerability.
The Process of the Vulnerability:
Login
Go to https://roy.demo.phpmyfaq.de/admin/?action=instances
Type any kind of Javascript Code like <script>alert(‘1’)</script>
The Attacker can inject Javascript Code and steal Users and Admin Cookies to takeover their Account.
Through this, any Attacker can inject Javascript Code and use further Vulnerabilities to use other Exploitation Steps.
Finally, I want to thank you for your time and effort, and hope to hear from you soon.
Best regards
Josef Hassan & Ahmed Hassan