Cross-site Scripting (XSS) - Stored in hestiacp/hestiacp
Aug 19th 2023
1. Go to Setting Server ==> choose Configure.
2. Continue to choose Backup ==> Remote Backup.
3. Inject the payload into the fields host, port, username...
Proof of Concept
PoC link: https://drive.google.com/file/d/1DcCMP9lT93HYNO3RzGllCV_u3Mgk7yfK/view?usp=sharing
payload = "><img src=x onerror=alert(1)
Stored XSS vulnerabilities can lead to data theft, account compromise, and the distribution of malware. Attackers can inject malicious scripts into a website, allowing them to steal sensitive information or hijack user sessions. Additionally, stored XSS can result in website defacement and content manipulation, causing reputational damage. It can also be used as a platform for launching phishing attacks, tricking users into revealing their credentials or sensitive data.
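Why the reported payload takes effect when a stored field is written back into a form, and the output-encoding fix, shown as an added PHP example that is not HestiaCP's own code. The field names come from the report; the function names, the form markup and the sample values are hypothetical.

```php
<?php
// Added example: hypothetical form rendering, not HestiaCP's template code.

// Constructed sample of stored settings; 'host' carries the payload from the report.
$stored = [
    'host'     => '"><img src=x onerror=alert(1)',
    'port'     => '22',
    'username' => 'backup',
];

// Vulnerable: the stored value is concatenated into the attribute unescaped,
// so the leading "> closes value="..." and the <input> tag itself.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened: encode for the HTML attribute context at output time.
function render_field_safe(string $name, string $value): string
{
    $enc = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($value) . '">';
}

// Defence in depth: reject values that cannot be a host or a port before storing.
function validate_backup_target(string $host, string $port): array
{
    $errors = [];
    $isHost = filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false
           || filter_var($host, FILTER_VALIDATE_IP) !== false;
    if (!$isHost) {
        $errors[] = 'host must be a hostname or IP address';
    }
    $portOk = filter_var($port, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]) !== false;
    if (!$portOk) {
        $errors[] = 'port must be an integer between 1 and 65535';
    }
    return $errors;
}

echo render_field_unsafe('host', $stored['host']), "\n"; // markup is broken out of
echo render_field_safe('host', $stored['host']), "\n";   // payload stays inert text
print_r(validate_backup_target($stored['host'], $stored['port']));
```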