Posted by Andrey Stoykov on Jan 27# Exploit Title: Reflected XSS - atutorv2.2.4
# Date: 01/2025
# Exploit Author: Andrey Stoykov
# Version: 2.2.4
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-17-reflected.html
Description:
- It was found that the application was vulnerable to Reflected XSS.
Reflected XSS #1 - "theme_dir":
Steps to Reproduce:
1. Login to the application with admin user
2. Paste the following URL...
seclists.org
seclists.org
bsky.app
Hacker & Security News on Bluesky @hacker.at.thenote.app
TheNote.app (macOS, iOS and Android apps)
2025-01-28