exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Rocket LMS 1.7 Cross Site Scripting

Rocket LMS 1.7 Cross Site Scripting
Posted Jun 27, 2023
Authored by CraCkEr

Rocket LMS version 1.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 97f580a88c2b993e6298fe38f539f299905ea42fdaf07c50ffd5ef2690baa6e0
Download | Favorite | View

Rocket LMS 1.7 Cross Site Scripting

Change Mirror Download
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││                                     C r a C k E r                                    ┌┘
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                  [ Vulnerability ]                                   ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:  Author   : CraCkEr                                                                    :
│  Website  : https://codecanyon.net/user/rocketsoft                                     │
│  Vendor   : RocketSoft                                                                 │
│  Software : Rocket LMS 1.7                                                             │
│  Vuln Type: Stored XSS                                                                 │
│  Impact   : Manipulate the content of the site                                         │
│                                                                                        │
│────────────────────────────────────────────────────────────────────────────────────────│
│                                                                                       ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                        :
│  Release Notes:                                                                        │
│  ═════════════                                                                         │
│  Allow Attacker to inject malicious code into website, give ability to steal sensitive │
│  information, manipulate data, and launch additional attacks.                          │
│                                                                                        │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                                                                      ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

   Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09  
       
  CryptoJob (Twitter) twitter.com/0x0CryptoJob
     
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                    © CraCkEr 2023                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘


## Stored XSS

------------------------------------------------------------
POST /contact/store HTTP/1.1


_token=iytfhBpLDYy2flCFdMGcnYGIyvONBDgK60DdwAtn&name=[XSS Payload]&email=cracker@infosec.com&phone=96171951951&subject=[XSS Payload]&message=[XSS Payload]&captcha=32499
------------------------------------------------------------

POST parameter 'name' is vulnerable to XSS
POST parameter 'subject' is vulnerable to XSS
POST parameter 'message' is vulnerable to XSS


## Steps to Reproduce:

1. Login (as Student) "Normal User"
2. Click On [Contact US] on this Path (https://website/contact)
3. Inject your [XSS Payload] in "Your name"
4. Inject your [XSS Payload] in "Subject"
5. Inject your [XSS Payload] in "Message Box"
6. Click on [Send Message]


5. When ADMIN Visit the [Notifications] - [History] in administration Panel to Check new messages on this Path (https://website/admin/notifications) & Click on [Show]
6. XSS will Fire & Executed on his Browser


[-] Done
Login or Register to add favorites

File Archive:

November 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    1 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    0 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    219 Files
  • 14
    Nov 14th
    19 Files
  • 15
    Nov 15th
    66 Files
  • 16
    Nov 16th
    38 Files
  • 17
    Nov 17th
    9 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    11 Files
  • 22
    Nov 22nd
    56 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    36 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    14 Files
  • 28
    Nov 28th
    30 Files
  • 29
    Nov 29th
    35 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close