Vulners
Lucene search
SASS BILLER 1.0 Cross Site Scripting
`# Exploit Title: SASS BILLER 1.0 - Stored XSS
# Exploit Author: CraCkEr
# Date: 12/07/2023
# Vendor: Bug Finder
# Vendor Homepage: https://bugfinder.net/
# Software Link: https://bugfinder.net/product/sass-biller-a-sass-based-invoicing-and-billing-platform/19
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
## Description
Allow Attacker to inject malicious code into website, give ability to steal sensitive
information, manipulate data, and launch additional attacks.
Path: /sassbiller/company/store
POST parameter 'name' is vulnerable to XSS
-----------------------------------------------------------
POST /sassbiller/company/store HTTP/2
Content-Disposition: form-data; name="name"
<script>alert(1)</script>
-----------------------------------------------------------
## Steps to Reproduce:
1. Login as (Normal User)
2. Go to [Company] on this Path: https://website/sassbiller/company/list
3. Click on [Add company]
4. Inject your XSS Payload in [name] and fill out all the other required fields
5. Click on [Add company]
6. When ADMIN visit [Company List] on this Path: https://website/sassbiller/admin/company/list
7. XSS Will Fire and Executed on his Browser
[-] Done
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jul 2023 00:00Current
7.1High risk
Vulners AI Score7.1