Offensive Umbraco Part 3: XSS Weaponisation

An exploration of how a stored XSS vulnerability on an Umbraco site could be weaponised using Metasploit in order to obtain a reverse Meterpreter shell, with OpSec considerations.

Delivered in April 2023 at Defcon Edinburgh.

Slides: https://stvnhrlnd.github.io/offensive-umbraco-3

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
.github		.github
css		css
dist		dist
examples		examples
img		img
js		js
plugin		plugin
test		test
.gitignore		.gitignore
.npmignore		.npmignore
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
Outline.md		Outline.md
README.md		README.md
demo.html		demo.html
gulpfile.js		gulpfile.js
index.html		index.html
package-lock.json		package-lock.json
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Offensive Umbraco Part 3: XSS Weaponisation

About

Uh oh!

Sponsor this project

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

Offensive Umbraco Part 3: XSS Weaponisation

About

Resources

License

Contributing

Uh oh!

Stars

Watchers

Forks

Sponsor this project

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages