CVE-2022-31301
Haraj Script 3.7 - Post Ads Authenticated Stored XSS
Exploit Title: Haraj Script 3.7 - Authenticated Stored XSS
Date: 2022-06-13
CVE: CVE-2022-31301
Exploit Author: Abdulaziz Saad (@b4zb0z)
Vendor Homepage: https://angtech.org/
Software Link: https://angtech.org/product/view/3
Version: 3.7
Tested on: LAMP, Ubuntu
[#] Exploitation :
almost all input fields in creating new ad page are vulnerable and can be exploited directly with js payload