Exploit/Advisories
Published on October 5th, 2021 📆 | 7693 Views ⚑
0Lifestyle Store 1.0 Cross Site Scripting – Torchsec
- Lifestyle Store 1.0 Cross Site Scripting
- Posted Oct 4, 2021
- Authored by Abdulrahman
-
Lifestyle Store version 1.0 suffers from a cross site scripting vulnerability.
- MD5 |
dfed369099a0e89c52b268c6025cdd08
- Download | Favorite | View
# Exploit Title: Lifestyle Store (Online Shop Store) 1.0 - Reflected Cross-Site Scripting (XSS)
# Date: 2021-09-30
# Author: Abdulrahman https://twitter.com/infosec_90
# Software Link: https://download-media.code-projects.org/2021/07/Online_Shop_Store_In_PHP_With_Source_Code.zip
# Version: 1.0.0
# Tested on: Kali Linux1. Description:
The tab parameter in the login.php is vulnerable to XSS.
2. login.php in line 43 code:
if(isset($_GET["error"])){
echo $_GET['error'];
}
3. Proof of Concept:
/online-shop/login.php?error=
Gloss