Exploit/Advisories no image

Published on June 27th, 2023 📆 | 3042 Views ⚑

0

Rocket LMS 1.7 Cross Site Scripting – Torchsec


https://www.ispeech.org

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Vulnerability ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : https://codecanyon.net/user/rocketsoft │
│ Vendor : RocketSoft │
│ Software : Rocket LMS 1.7 │
│ Vuln Type: Stored XSS │
│ Impact : Manipulate the content of the site │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ Allow Attacker to inject malicious code into website, give ability to steal sensitive │
│ information, manipulate data, and launch additional attacks. │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09

CryptoJob (Twitter) twitter.com/0x0CryptoJob

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2023 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

## Stored XSS

------------------------------------------------------------
POST /contact/store HTTP/1.1





_token=iytfhBpLDYy2flCFdMGcnYGIyvONBDgK60DdwAtn&name=[XSS Payload]&email=cracker@infosec.com&phone=96171951951&subject=[XSS Payload]&message=[XSS Payload]&captcha=32499
------------------------------------------------------------

POST parameter 'name' is vulnerable to XSS
POST parameter 'subject' is vulnerable to XSS
POST parameter 'message' is vulnerable to XSS

## Steps to Reproduce:

1. Login (as Student) "Normal User"
2. Click On [Contact US] on this Path (https://website/contact)
3. Inject your [XSS Payload] in "Your name"
4. Inject your [XSS Payload] in "Subject"
5. Inject your [XSS Payload] in "Message Box"
6. Click on [Send Message]

5. When ADMIN Visit the [Notifications] - [History] in administration Panel to Check new messages on this Path (https://website/admin/notifications) & Click on [Show]
6. XSS will Fire & Executed on his Browser

[-] Done



Source link

Tagged with:



Comments are closed.






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑