Open Redirect / Reflected XSS – booked-schedulerv2.8.5 –

– [[{“value”:”

Posted by Andrey Stoykov on Oct 28

# Exploit Title: Open Redirect / Reflected XSS – booked-schedulerv2.8.5
# Date: 10/2024
# Exploit Author: Andrey Stoykov
# Version: 2.8.5
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-13-reflected.html
https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-12-open.html

Open Redirect:

Steps to Reproduce:

1. Login and intercept HTTP request with a proxy such as Burpsuite or ZAP
2….
“}]] – Read More  – Full Disclosure