1873a7d234
12 changes to exploits/shellcodes WhatsApp 2.18.31 - Memory Corruption Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation Libuser - roothelper Privilege Escalation (Metasploit) Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery VirtueMart 3.1.14 - Persistent Cross-Site Scripting Rockwell Scada System 27.011 - Cross-Site Scripting Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting
15 lines
No EOL
922 B
Text
15 lines
No EOL
922 B
Text
# Exploit Title: VirtueMart 3.1.14 - Persistent Cross-Site Scripting
|
|
# Date: 2018-02-25
|
|
# Software Link: http://virtuemart.net/
|
|
# Exploit Author: Mattia Furlani
|
|
# CVE: CVE-2018-7465
|
|
# Category: webapps
|
|
|
|
# 1. Description
|
|
# An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the admin area of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.
|
|
|
|
# 2. Proof of Concept
|
|
Having the permissions to edit the config/products, you can simply write </textarea><script>alert(1)</script> inside a textarea, when someone will edit it back the alert will execute on the editor's browser
|
|
|
|
# 3. Solution: Upgrade to 3.2.14
|
|
# http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling |