Read Time:24 Second
Posted by Andrey Stoykov on Oct 28
# Exploit Title: Open Redirect / Reflected XSS – booked-schedulerv2.8.5
# Date: 10/2024
# Exploit Author: Andrey Stoykov
# Version: 2.8.5
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-13-reflected.html
https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-12-open.html
Open Redirect:
Steps to Reproduce:
1. Login and intercept HTTP request with a proxy such as Burpsuite or ZAP
2….