Online Clothing Store version 1.0 suffers from a persistent cross site scripting vulnerability.
b48bfc8a784e9064e05f86019e3eca5cbf565fd47d42fa319ba0f75a214ca0fc# Exploit Title: Online Clothing Store 1.0 - Persistent Cross-Site Scripting
# Date: 2020-05-05
# Exploit Author: Sushant Kamble
# Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/online-clothing-store_0.zip
# Version: 1.0
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
#Vulnerable Page: Offers.php
#Parameter Vulnerable: Offer Detail
ONLINE CLOTHING STORE 1.0 is vulnerable to Stored XSS
Admin user can add malicious script to offer page.
when a normal user visit a page. A script gets executed.
# Exploit:
Open offer.php
Add below script in Offer Detail
<script>alert(document.cookie)</script>
Save
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed