Read Time:24 Second
Posted by Andrey Stoykov on Sep 16
# Exploit Title: Stored XSS to Account Takeover – htmlyv2.9.9
# Date: 9/2024
# Exploit Author: Andrey Stoykov
# Version: 2.9.9
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/08/friday-fun-pentest-series-9-stored-xss.html
Description:
– It was found that the application suffers from stored XSS
– Low level user having an “author” role can takeover admin account and
change their password via posting a malicious…