# Exploit Title: WBCE - Stored XSS # Date: 07/2023 # Exploit Author: Andrey Stoykov # Version: 1.6.1 # Tested on: Windows Server 2022 # Blog: http://msecureltd.blogspot.com
Steps to Exploit: 1. Login to application 2. Browse to following URI "http://host/wbce/admin/pages/intro.php"; 3. Paste XSS payload "TEST"><img src=x onerror=alert(1)>" 4. Then browse to settings "Settings->General Settings->Enable Intro Page->Enabled" _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
