Rocket LMS 1.9 – Persistent Cross Site Scripting (XSS)

  • Author: Sergio Medeiros
    Date: 2024-05-19
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/52018/
  • # Title: Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
    # Date: 04/16/2024
    # Exploit Author: Sergio Medeiros
    # Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735
    # Software Link: https://lms.rocket-soft.org
    # Version: 1.9
    # Tested on Firefox and Chrome Browsers
    # Patched Version: Patch Pending
    # Category: Web Application
    # CVE: CVE-2024-34241
    # Exploit link: https://grumpz.net/cve-2024-34241-a-step-by-step-discovery-guide
    # PoC:
    
    In order to exploit this systemic stored XSS vulnerability, identify the areas in the web application where a WYSIWYG editor is used, for example, the create/edit course description section.
    Input random text in the description section, and create the course while intercepting the request with Burp Suite or your preferred proxy.
    
    In the *description* parameter, or the associated parameter that handles the user input from the WYSIWYG editor, input the following payload and then issue the request:
    <details/open/ontoggle=prompt(origin)>