Kopage Website Builder 4.4.15 Cross Site Scripting – Torchsec
- Kopage Website Builder 4.4.15 Cross Site Scripting
- Posted Dec 1, 2023
- Authored by tmrswrr
-
Kopage Website Builder version 4.4.15 suffers from a persistent cross site scripting vulnerability.
- SHA-256 |
fbd3eb9a6b1fa373e2b967ebba1f3a131fa434d38572c561c6273ce2e1c0683a - Download | Favorite | View
#Exploit Title: Kopage Website Builder version 4.4.15 – Stored Cross-Site Scripting (XSS)
#Date: 1/12/2023
#Exploit Author: tmrswrr
#Vendor Homepage: https://www.kopage.com/
#Version: Version : 4.4.15
#Tested on: https://demo.kopage.com/index.php#Poc:
1 ) Install the system through the website and log in with any user.
2 ) Go to Files field and click upload
3 ) Upload your svg file
Payload :
4 ) Open svg file url you will be see alert button.
Url : https://demo.kopage.com/demo/9ff16a191981a3f2ee0a7cca7/data/files/aaa.svg
Gloss