Cross Site Scripting on Bucket

Question

Cross Site Scripting on Bucket

Closed this issue 3 years ago · 2 comments

Description

Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-I XSS.

Steps to Reproduce

Create a new Bucket on your Spica Engine
Click "Add New" and enter the Title to your XSS Payload.

Proof

https://imgur.com/CWhfBJm

Impact

Can steal Cookie, Can run javascript code, etc

Answer 1 · 2021-08-16T11:35:32.000Z

@akhnos @thesayyn @htuna07 @emre2345

Answer 2 · 2021-08-16T12:06:11.000Z

Thanks for creating this issue. We are taking an action for the related security issue. We are happy to see your commitment and contribution on this pen-test. @aydinnyunus