email-signature

1 article
sort: new top best
clear filter
bug-bounty480 google297 xss277 microsoft249 facebook211 rce159 apple150 exploit136 bragging-post102 account-takeover98 malware94 csrf84 cve79 privilege-escalation74 authentication-bypass65 stored-xss65 writeup61 reflected-xss57 browser54 react53 ssrf51 phishing50 dos50 input-validation49 cloudflare49 access-control49 cross-site-scripting48 node46 aws46 smart-contract45 docker45 sql-injection45 ethereum44 defi43 web-security43 web-application42 supply-chain42 oauth41 web339 burp-suite36 lfi34 vulnerability-disclosure34 idor34 html-injection33 smart-contract-vulnerability32 race-condition32 clickjacking31 reverse-engineering31 information-disclosure30 csp-bypass30
0 7/10
How I xssed admin account
bug-bounty

A stored XSS vulnerability in EspoCRM 5.6.8's email signature field (exploited via polyglot payload bypassing sanitization) allows attackers to steal authentication cookies when victims reply to emails, enabling complete account takeover of any user including admins. The vulnerability stems from unprotected HttpOnly cookies containing Base64-encoded credentials that can be extracted via malicious JavaScript.

stored-xss account-takeover cookie-theft authentication-bypass crm espocrm polyglot-payload html-injection email-signature httponly-missing csrf-token javascript-obfuscation unicode-encoding
CVE-2019-14546 EspoCRM EspoCRM 5.6.8 Gaurav Narwani Somdev Sangwan
gauravnarwani.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details