Hello, This is me!

Abdul Wahab

A Security Engineer, Bug Bounty Hunter, Synack Red Team Member

Wednesday, 30 November 2016

Stored XSS in OnePageCRM


Aslam-O-Alaikum,

Friends, hope you are all fine. Today I am going to share the PoC of a stored XSS I recently found in OnePageCRM.

OnePageCRM:

OnePageCRM is a simple online sales CRM for small business. Focus on your Next Action to easily convert leads into customers and grow your business.

Summary Of Report
  • Submitted: 2016-11-20 15:33:41 UTC
  • State changed to resolved: 2016-11-29 13:00:26 UTC
  • While testing OnePageCRM I observed that the signup field (Address field) is vulnerable to XSS, so I tried that and it popped up, to my happiness.

    1. Sign up with Contact Name in the Address field below:
       <script>alert(1);</script>
    2. Log in with the account
    3. XSS executed

    Thanks,
    ABDULWAHAB,
    Independent Cyber Security Researcher,
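
An added example, not from the original post or from OnePageCRM's code: a minimal Node.js sketch of how a value stored at signup becomes stored XSS when it is written into HTML unencoded, beside the output-encoded form. The in-memory store, the function names and the account email are hypothetical.

```javascript
// Constructed sample: an in-memory store standing in for the application's database.
const accounts = new Map();

// Signup keeps the address exactly as submitted. Storing raw input is fine;
// the defect (or the fix) lives where the value is written into HTML.
function signup(email, address) {
  accounts.set(email, { email, address });
}

// Encode the five characters that can change the HTML parsing context.
// A single-pass replace avoids double-encoding the '&' of earlier entities.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup unencoded,
// so it is parsed as markup on every later page view (for example after login).
function renderProfileUnsafe(email) {
  const account = accounts.get(email);
  return `<div class="address">${account.address}</div>`;
}

// Hardened pattern: encode at output time for the HTML body context.
function renderProfileSafe(email) {
  const account = accounts.get(email);
  return `<div class="address">${escapeHtml(account.address)}</div>`;
}

// Regression check for rendered pages: did a stored field reach the
// response as a live script element?
function containsLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed input: the address value from the report above.
signup('tester@example.test', '<script>alert(1);</script>');

console.log('unsafe:', renderProfileUnsafe('tester@example.test'));
console.log('safe:  ', renderProfileSafe('tester@example.test'));
console.log('unsafe has live <script>:', containsLiveScriptTag(renderProfileUnsafe('tester@example.test')));
console.log('safe has live <script>:  ', containsLiveScriptTag(renderProfileSafe('tester@example.test')));
```

The encoding shown covers the HTML body context only; a value written into an attribute, URL or inline script needs the encoder for that context.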

