
7 changes to exploits/shellcodes/ghdb

Apache OFBiz 18.12.12 - Directory Traversal
Backdrop CMS 1.27.1 - Remote Command Execution (RCE)
htmlLawed 1.2.5 - Remote Code Execution (RCE)
PopojiCMS 2.0.1 - Remote Command Execution (RCE)
Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
Wordpress Theme XStore 9.3.8 - SQLi
18 lines
No EOL
1 KiB
Text
# Title: Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
# Date: 04/16/2024
# Exploit Author: Sergio Medeiros
# Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735
# Software Link: https://lms.rocket-soft.org
# Version: 1.9
# Tested on Firefox and Chrome Browsers
# Patched Version: Patch Pending
# Category: Web Application
# CVE: CVE-2024-34241
# Exploit link: https://grumpz.net/cve-2024-34241-a-step-by-step-discovery-guide
# PoC:
In order to exploit this systemic stored XSS vulnerability, identify theareas in the web application which has a WYSIWIG editor used, for example, the create/edit course description section.
Input random text in the description section, and create the course while intercepting the request with BurpSuite or your preferred proxy of choice.
In the *description* parameter or the associated parameter that is handling the user input related to the WYSIWIG editor, input the following payload and then issue the request:
<details/open/ontoggle=prompt(origin)> |
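
Review bot: The PoC text calls the issue "systemic" but names only the course description field and "the associated parameter", so a reader cannot tell which editor fields are affected or which account role is needed to reach them. Listing the affected WYSIWYG fields and the required role would let administrators scope their exposure while the header still reads "Patch Pending". A short mitigation line would help for the same reason, for example server-side allow-list sanitization of editor HTML and output encoding where the description is rendered. Smaller points: "theareas" is missing a space, "WYSIWIG" should read "WYSIWYG" in both paragraphs where it appears, "areas ... which has" should be "areas ... that use", the "# Tested on Firefox and Chrome Browsers" header lacks the colon the other fields use, and the file ends without a trailing newline.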