Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

stored XSS #52

Closed
b1nslashsh opened this issue Dec 1, 2020 · 2 comments
Closed

stored XSS #52

b1nslashsh opened this issue Dec 1, 2020 · 2 comments

Comments

@b1nslashsh
Copy link

b1nslashsh commented Dec 1, 2020
edited
Loading

Stored XSS
there is a stored XSS , which is critical because an unauth user can send js code to admin panel , which cloud lead to admin Account takeover.

To Reproduce
Steps to reproduce the behavior:

  1. got to s-cart store while adding product to the cart , intercept it and usei the payload in form_attr parm
ee.mp4
  1. after proceeding the purchase , the code will execute while trying to edit it in the admin panel
    here is the POC video : https://drive.google.com/file/d/1E7AE7EFPTiiEEj8jAKvVAumWKu4PRs0L/view?usp=sharing
    payload used = "><script>alert("test")</script>
lanhktc referenced this issue in s-cart/core Dec 1, 2020
@lanhktc
Escape data for front-end
f4b2811
@lanhktc
Copy link
Collaborator

lanhktc commented Dec 1, 2020

@b1nslashsh Fixed in s-cart/core@f4b2811
Thank so much!

@b1nslashsh
Copy link
Author

b1nslashsh commented Dec 1, 2020
edited
Loading

@lanhktc Amazing 😀

Also try to give the email in profile so security vulnerability's can share directly without publishing it public
So it reduces the risk
Cheers 🍻,
Muhaimin

@lanhktc lanhktc closed this as completed Dec 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lanhktc @b1nslashsh