Cross-site Scripting (XSS) - Stored in jam-py/jam-py


Reported on Apr 27th 2021

✍️ Description

Stored XSS in the comment box on the supplier's Profile page. In fact, every input field is affected: no input parameter is sanitized before it is saved to the database.

🕵️‍♂️ Proof of Concept

  1. git clone
  2. cd jam-py && python install
  3. cd demo
  4. python
  5. Open localhost:8080 in a browser and click on the customer dashboard.
  6. Edit any Customer and add this payload to Company or any other input field.
  7. Try to save and view the edited History; you will see the JavaScript being executed.


💥 Impact

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.

In terms of exploitability, the key difference between reflected and stored XSS is that a stored XSS vulnerability enables attacks that are self-contained within the application itself. The attacker does not need to find an external way of inducing other users to make a particular request containing their exploit. Rather, the attacker places their exploit into the application itself and simply waits for users to encounter it.



Payload: <details open ontoggle=confirm()> | <a href="javascript%26colon;alert(1)">click

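The fix the report calls for is not to "sanitize before saving" but to encode at the point of output, and to validate URL fields separately, because escaping alone does not neutralise a `javascript:` href. The following is an added example written for this page; it is not code from jam-py or from the reporter. It renders a constructed customer record whose field values are the two payloads quoted in the comment above (the `%26` in the second one is what the server decodes to `&` before storing) and shows that neither survives into live markup. The record layout, the `website` field and the `SAFE_SCHEMES` list are assumptions for the demonstration.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample record (not real data): the values are the payloads quoted
# in this report, stored exactly as the application would have saved them.
SAMPLE_CUSTOMER = {
    "company": "<details open ontoggle=confirm()>",
    "website": "javascript&colon;alert(1)",  # server-side form decoding turns %26 into &
    "notes": 'Regular <a href="javascript:alert(1)">click</a>',
}

# Assumed allow-list for link fields; anything else is rendered as an inert anchor.
SAFE_SCHEMES = {"http", "https", "mailto"}


def safe_href(value: str) -> str:
    """Return value if its scheme is allow-listed, otherwise a harmless '#'.

    html.escape cannot help here: "javascript:alert(1)" contains no HTML
    metacharacter and passes through escaping unchanged. The scheme is checked
    after entity-decoding and stripping whitespace/control characters, which is
    the normalisation a browser applies before deciding whether to execute it,
    so "javascript&colon;alert(1)" is caught as well.
    """
    decoded = html.unescape(value)
    decoded = re.sub(r"[\s\x00-\x1f]", "", decoded)
    scheme = urlsplit(decoded).scheme.lower()
    return decoded if scheme in SAFE_SCHEMES else "#"


def render_row(record: dict) -> str:
    """Render a customer record as an HTML table row, escaping every field on output.

    Text fields get html.escape with quote=True so they are safe inside both
    element content and attribute values; the link field additionally goes
    through safe_href before being placed in an href attribute.
    """
    cells = []
    for key, value in record.items():
        if key == "website":
            href = html.escape(safe_href(value), quote=True)
            cells.append(f'<td><a href="{href}">{html.escape(value, quote=True)}</a></td>')
        else:
            cells.append(f"<td>{html.escape(value, quote=True)}</td>")
    return "<tr>" + "".join(cells) + "</tr>"


def contains_unexpected_tags(rendered: str) -> bool:
    """Check used to show the result: does any tag other than the row's own survive?"""
    tags = re.findall(r"<\s*/?\s*([a-zA-Z]+)", rendered)
    return any(t.lower() not in {"tr", "td", "a"} for t in tags)


if __name__ == "__main__":
    row = render_row(SAMPLE_CUSTOMER)
    print(row)
    print("unexpected tags present:", contains_unexpected_tags(row))
```

The same `render_row`-style escaping has to be applied wherever a stored value is echoed back, including the edited History view named in step 7, since the payload executes at whichever output point forgets to encode. Template engines with autoescaping on by default give the text-field half of this for free; the href scheme check still has to be done explicitly.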