Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)

EDB-ID:

52018

CVE:

2024-34241

EDB Verified:

Author:

Sergio Medeiros

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2024-05-19

Vulnerable App: 
# Title: Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
# Date: 04/16/2024
# Exploit Author: Sergio Medeiros
# Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735
# Software Link: https://lms.rocket-soft.org
# Version: 1.9
# Tested on Firefox and Chrome Browsers
# Patched Version: Patch Pending
# Category: Web Application
# CVE: CVE-2024-34241
# Exploit link: https://grumpz.net/cve-2024-34241-a-step-by-step-discovery-guide
# PoC:

In order to exploit this systemic stored XSS vulnerability, identify theareas in the web application which has a WYSIWIG editor used, for example, the create/edit course description section. 
Input random text in the description section, and create the course while intercepting the request with BurpSuite or your preferred proxy of choice.

In the *description* parameter or the associated parameter that is handling the user input related to the WYSIWIG editor, input the following payload and then issue the request:
<details/open/ontoggle=prompt(origin)>
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services