Home / exploitsPDF  

Webasyst Shop Script 5.2.2.30933 Cross Site Scripting

Posted on 21 August 2014

Exploit Title:webasyst shop script stored xss # Date: 8/12/2014 # Exploit Author: Ankit Bharathan # Description: shop-Script 5 Emerging PHP ecommerce framework that helps you increase sales.Feature-rich PHP shopping cart solution & ecommerce framework developed in 2013--2014. One of the leading shopping cart solutions of Russia. Over 2500 live stores. # Vendor Homepage: http://www.shop-script.com/ # Software Link: http://www.webasyst.com/download/framework/shop/ # Version:5.2.2.30933 # Tested on: windows 7 # CVE : #exploit:http://localhost/phpecom/index.php/webasyst/contacts/ add new contact from above link and fill the phone number field with <svg><script>alert&#40/1/&#41</script><svg> booom ;) screenshot:http://prntscr.com/4cc4za

 

TOP