Hello
It is possible to manipulate the Language Dropdown Menu and change it to anything the attacker wants.
Process of the Vulnerability:
1. Login
2. Go Miscellaneous -> Email & file templates
3. Add Template -> Change & Save and intercept the Request
4. Change the Language to anything you want
—-
Lets see 🙂
As you can see there are specific Languages nobody can select anything else.
Lets put HACKED inside it 🙂
The language is now HACKED lets see
AS you can see the language is now HACKED and it got accepted even if we have a Dropdown Menu
with specific Languages to choose from
Thank you for watching 🙂
Best regards
Ahmed HassanRead More