This exploit demonstrates a stored XSS vulnerability in BlogEngine 3.3.8 by injecting a malicious payload into the 'Content' parameter of a POST request. The payload is executed when the post is viewed.
Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:BlogEngine.NET 3.3.8
Auth required
Prerequisites:Valid credentials to access the admin panel · Intercepting proxy to modify POST requests