Privileged account creation via Mass Assignment towards a full compromise using a Stored XSS

Stored Cross Site Scripting

Using the account creation mechanism, it was possible to obtain an account with privileged rights through a Mass Assignment vulnerability. From this privileged account, injecting a payload produced a Stored XSS in the administration panel, affecting an administrator account.
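As an added illustration of the first step (example code, not from the original report or the affected application), here is a registration handler that binds every client-supplied field onto the new account, next to a hardened version that copies only an allowlist and fixes the role server-side. The field names, the `User` model and the request body are constructed assumptions.

```python
import hashlib
import os
from dataclasses import dataclass

# Fields a self-service signup may set (assumed names for this example).
ACCOUNT_FIELDS = {"username", "email", "password"}

# Constructed request body: a normal signup carrying one extra attribute.
CONSTRUCTED_REQUEST = {"username": "alice", "email": "alice@example.test",
                       "password": "correct horse battery staple", "role": "admin"}

@dataclass
class User:
    username: str
    email: str
    password_hash: str
    role: str = "user"  # privileged roles are only ever granted server-side

def hash_password(password: str) -> str:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + ":" + digest.hex()

def vulnerable_create_account(body: dict) -> User:
    """Mass assignment: every client key is bound onto the model, so a
    client-supplied 'role' silently overrides the default."""
    user = User(username="", email="", password_hash="")
    for key, value in body.items():
        setattr(user, key, value)
    return user

def safe_create_account(body: dict) -> User:
    """Allowlist binding: unknown keys are rejected (worth logging as a
    possible mass-assignment attempt) and the role is fixed by the server."""
    unexpected = set(body) - ACCOUNT_FIELDS
    if unexpected:
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    return User(username=body["username"], email=body["email"],
                password_hash=hash_password(body["password"]), role="user")

def rejects_privileged_fields(body: dict) -> bool:
    """True when the hardened handler refuses the request."""
    try:
        safe_create_account(body)
    except ValueError:
        return True
    return False
```

Rejecting rather than silently dropping unexpected keys also gives the application a log event to alert on when such requests appear.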