[webapps] GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)

4 years ago 204
BOOK THIS SPACE FOR AD
ARTICLE AD
# Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated) # Author: Balzabu # Discovery Date: 2020-07-23 # Vendor Homepage: https://goautodial.org/ # Software Link: https://goautodial.org/GOautodial-4-x86_64-Final-20191010-0150.iso.html # Tested Version: 4.0 (Last relase as of today) # Tested on OS: CentOS 7 # STEPS TO REPRODUCE: # 1 - Log in as an agent # 2 - Write a new message to user goadmin with: Subject: Help me, I can't connect to the webphone <script src=1 href=1 onerror="javascript:alert(document.cookies)"></script> Text: whatever you want # 3 - Send and wait for goadmin to read the message... :-)
Read Entire Article