Dropdown Menu Manipulation leads to stored HTML Injection
Description

Hello

In the Cronjob, we can change the Interval Time Dropdown Menu “minutes” into a stored HTML Injection.

The Vulnerabilities are 2:

1. First, the Dropdown Menu should be fixed so that nobody can alter or change anything, which we will do.
2. Second, we can implement a stored HTML Injection with a Link which redirects to a malicious Link for Phishing, downloading Malware, stealing Cookies etc.

Let's see
——-
As you can see, the runtime is a dropdown menu and is not allowed to change!! We can't write anything.
Let's change it first and then add an HTML Injection Payload.

As you can see, I am able to put any Input in the Dropdown Menu, which should not be possible because a dropdown menu has selected Fields and Information.

After that I will inject an HTML Injection Payload.

HTML INJECTION implemented, and through a Click we will be redirected to a malicious Site where Malware will be automatically installed on your PC.

As you can see this is the Proof of Concept for both Vulnerabilities.

Thank you for watching 🙂

Best regards
Ahmed Hassan
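
Both findings in the report above come from the server trusting what the browser sends for the “minutes” field and later rendering it as markup. The following is an added example, not part of the original report or the affected product's code: a server-side allow-list for the interval plus escaping when the stored value is displayed. The option list, function names and sample values are assumptions made for illustration.

```python
import html

# Assumption: the minute values the dropdown offers (the report does not list them).
ALLOWED_MINUTES = frozenset({1, 5, 10, 15, 30, 60})

# Constructed sample of a tampered field value, with a harmless placeholder URL.
TAMPERED = '<a href="https://example.invalid/">click</a>'


def parse_interval_minutes(raw):
    """Return the interval as an int; raise ValueError unless it is an offered option.

    A <select> only limits what the browser UI shows. The request body can
    carry any string, so the same option list must be enforced on the server.
    """
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
        raise ValueError("interval must be a plain decimal number")
    if len(raw) > 4:
        raise ValueError("interval is too long")
    value = int(raw)
    if value not in ALLOWED_MINUTES:
        raise ValueError("interval is not one of the offered options")
    return value


def render_interval_cell(stored):
    """Escape on output too, so rows saved before validation existed render as text."""
    return "<td>" + html.escape(str(stored), quote=True) + "</td>"


def check_samples(samples):
    """Map each submitted value to the accepted int, or to None when rejected."""
    results = {}
    for raw in samples:
        try:
            results[raw] = parse_interval_minutes(raw)
        except ValueError:
            results[raw] = None
    return results


if __name__ == "__main__":
    print(check_samples(["15", "7", TAMPERED]))
    print(render_interval_cell(TAMPERED))
```

Validation stops new tampered values from being stored; the output escaping covers values already in the database and any other code path that writes the field.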
