Share
## https://sploitus.com/exploit?id=1337DAY-ID-33469
# Title: Getsup 3.1.45 (Version 3.1 patch 45) > All vers affected
# Author: @Eawhitehat - Eren Arslan
# Vendor: https://gestsup.fr/
# Demo available : https://demo.gestsup.fr/ (User: admin Password: admin)
# Software Link: https://gestsup.fr/index.php?page=download
# CVE: N/A

# Screenshot :
- https://prnt.sc/psvywq
- https://prnt.sc/psvz4z
- https://prnt.sc/psvzau
- https://prnt.sc/psvzgq

# Multiple XSS - Getsup ticketing

- XSS 1 :
Connect to panel Getsup,
Go to yours tickets -> All states -> Paste your payload on "Number" or "Title" form and press Enter for execute

- XSS 2 :
Connect to panel Getsup,
Go to All tickets -> All states -> Paste your payload on "Number" or "Title" form and press Enter for execute

- XSS 3 :
Connect to panel Getsup,
Find search form -> paste payload and press enter for execute

- XSS 4 :
Connect to panel Getsup,
Go to Calendar -> 
Go to calendar, double click on a date to create an event, then paste the XSS payload to infect the selected day, and double click to run it

# For 0day.today - 2019/11/05 - By @eawhitehat #

#  0day.today [2019-12-04]  #