| Title | Rocket LMS 1.7 - Stored XSS |
|---|
| Description | Author : skalvin aka (CraCkEr)
Date : 26/06/2023
Website : https://codecanyon.net/user/rocketsoft
Vendor : RocketSoft
Software : Rocket LMS 1.7
Vuln Type: Stored XSS
Impact : Manipulate the content of the site
Release Notes:
Allow Attacker to inject malicious code into website, give ability to steal sensitive
information, manipulate data, and launch additional attacks.
## Stored XSS
------------------------------------------------------------
POST /contact/store HTTP/1.1
_token=iytfhBpLDYy2flCFdMGcnYGIyvONBDgK60DdwAtn&name=[XSS Payload]&[email protected]&phone=96171951951&subject=[XSS Payload]&message=[XSS Payload]&captcha=32499
------------------------------------------------------------
POST parameter 'name' is vulnerable to XSS
POST parameter 'subject' is vulnerable to XSS
POST parameter 'message' is vulnerable to XSS
## Steps to Reproduce:
1. Login (as Student) "Normal User"
2. Click On [Contact US] on this Path (https://website/contact)
3. Inject your [XSS Payload] in "Your name"
4. Inject your [XSS Payload] in "Subject"
5. Inject your [XSS Payload] in "Message Box"
6. Click on [Send Message]
5. When ADMIN Visit the [Notifications] - [History] in administration Panel to Check new messages on this Path (https://website/admin/notifications) & Click on [Show]
6. XSS will Fire & Executed on his Browser
[-] Done |
|---|
| User | skalvin (UID 49463) |
|---|
| Submission | 06/26/2023 22:43 (3 years ago) |
|---|
| Moderation | 06/30/2023 08:42 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 232756 [RocketSoft Rocket LMS 1.7 Contact Form /contact/store name/subject/message cross site scripting] |
|---|
| Points | 17 |
|---|