e95d9f2c13
23 changes to exploits/shellcodes dirsearch 0.4.1 - CSV Injection IObit Uninstaller 10 Pro - Unquoted Service Path WinAVR Version 20100110 - Insecure Folder Permissions PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation H2 Database 1.4.199 - JNI Code Execution Responsive ELearning System 1.0 - 'id' Sql Injection Responsive E-Learning System 1.0 - 'id' Sql Injection Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF) IPeakCMS 3.5 - Boolean-based blind SQLi Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE Responsive E-Learning System 1.0 - Stored Cross Site Scripting WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting Newgen Correspondence Management System (corms) eGov 12.0 - IDOR Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated) Resumes Management and Job Application Website 1.0 - Multiple Stored XSS Gitea 1.7.5 - Remote Code Execution Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
21 lines
No EOL
695 B
Text
21 lines
No EOL
695 B
Text
# Exploit Title: OpenCart 3.0.3.6 - 'Profile Image' Stored Cross Site Scripting (Authenticated)
|
|
# Date: 24-11-2020
|
|
# Exploit Author: Hemant Patidar (HemantSolo)
|
|
# Vendor Homepage: https://www.opencart.com/
|
|
# Software Link: https://www.opencart.com/index.php?route=cms/download
|
|
# Version: 3.0.3.6
|
|
# Tested on: Windows 10/Kali Linux
|
|
# CVE: CVE-2020-29471
|
|
|
|
Vulnerable Parameters: Profile Image.
|
|
|
|
Steps-To-Reproduce:
|
|
1. Go to the opencart admin page.
|
|
|
|
2. Now go to the profile page.
|
|
|
|
* Before the next step write this in notepad ""><svg onload=alert("XSS")>" and save it as an payload.png
|
|
|
|
3. Now edit the image and uplaod the image as payload.png.
|
|
|
|
4. The XSS will be triggered. |