Read Time:24 Second

Posted by Andrey Stoykov on Sep 16

# Exploit Title: Stored XSS to Account Takeover – htmlyv2.9.9
# Date: 9/2024
# Exploit Author: Andrey Stoykov
# Version: 2.9.9
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/08/friday-fun-pentest-series-9-stored-xss.html

Description:

– It was found that the application suffers from stored XSS

– Low level user having an “author” role can takeover admin account and
change their password via posting a malicious…

Read More