Share
## https://sploitus.com/exploit?id=1337DAY-ID-39783
# Exploit Title: SofaWiki 3.9.2 - Stored XSS (Authenticated)
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://www.sofawiki.com
# Software Link: https://www.sofawiki.com/site/files/snapshot.zip
# Version: 3.9.2
# Tested on: Windows XP


Summary:

A stored XSS exists in SofaWiki's Open Ticket feature. An authenticated
user can inject a JavaScript payload into the ticket's title field, which
triggers whenever the ticket is viewed.


Proof of Concept (PoC):

1. Login and go to New Ticket:

http://localhost/sofawiki/index.php?name=special:tickets&ticketaction=new

2. Use this payload in the Title field:
<script>alert('XSS');</script>

3. Click Open Ticket the alert will be triggered.
The payload runs each time the ticket is opened.