Opencart 3.x – Cross-Site Scripting

  • Author: Nipun Somani
    Date: 2019-09-02
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/47331/
  • # Exploit Title: Opencart 3.x.x Authenticated Stored XSS
    # Date: 08/15/2019
    # Exploit Author: Nipun Somani
    # Author Web: http://thehackerstore.net
    # Vendor Homepage: https://www.opencart.com/
    # Software Link: https://github.com/opencart/opencart
    # Version: 3.x.x
    # Tested on: Debian 9, Windows 10 x64
    # CVE : CVE-2019-15081
    
    
    Description:
    Opencart version 3.x.x allows editing the Source/HTML of the Categories /
    Product / Information pages in the admin panel. This input is not
    sanitized, allowing an attacker to execute arbitrary JavaScript code,
    leading to Stored Cross-Site Scripting (XSS).
    
    Proof-of-Concept(POC):
    
    1. Log-in to admin-panel.
    2. Navigate to Catalog, select any of the [Categories or Products or Information] options, and pick any entry or create one.
    3. Under Description, click the Source option and insert your XSS payload,
    e.g.: "><script>alert("XSS")</script>
    4. Now visit the modified page on your public website; the injected XSS payload will execute.
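
Because the payload persists in the stored description, existing Category, Product and Information descriptions can be audited for active content. The script below is an added example, not part of the original advisory or of OpenCart's code; the row labels and sample values are constructed, and it assumes descriptions are stored HTML-escaped and decoded when the page is rendered.

```python
from html import unescape
from html.parser import HTMLParser

# Elements and URL schemes that have no place in a catalog description.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "base", "form", "meta", "link"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveContentFinder(HTMLParser):
    """Collects findings for markup that can run script in a visitor's browser."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling this.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"element <{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS:
                # Drop whitespace/control characters before checking the scheme.
                url = "".join(c for c in (value or "") if c > " ").lower()
                if url.startswith(BAD_SCHEMES):
                    self.findings.append(f"active URL in {name} on <{tag}>")


def audit_description(stored, entity_encoded=True):
    """Return the findings for one stored description field."""
    # Assumption: the field is stored HTML-escaped, so decode it once first.
    html_text = unescape(stored) if entity_encoded else stored
    finder = ActiveContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


def audit_rows(rows):
    """Map row label -> findings, keeping only rows that have findings."""
    return {key: f for key, text in rows.items() if (f := audit_description(text))}


# Constructed sample rows (label -> stored description), not real data.
ROWS = {
    "category 20": "&lt;p&gt;Desktops and &lt;b&gt;workstations&lt;/b&gt;&lt;/p&gt;",
    "product 41": "&quot;&gt;&lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;",
    "information 4": "&lt;img src=&quot;x.png&quot; onerror=&quot;alert(1)&quot;&gt;",
}
```

Calling `audit_rows(ROWS)` returns only the rows whose descriptions contain script-capable markup. Flagged rows should be reviewed and cleaned, since every visitor to the affected page receives the stored content.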