Online Market Place Site 1.0 Cross Site Scripting

Online Market Place Site version 1.0 suffers from a persistent cross site scripting vulnerability.

SHA-256 | 6dbdfadfd046c1d428d90778b682265b97787399b579cf8c236ae782a910255b

# Exploit Title: Online Market Place Site v1.0 - Stored Cross-Site Scripting (XSS)
# Exploit Author: Joe Pollock
# Date: September 03, 2022
# Vendor Homepage:
# Software Link:
# Tested on: Kali Linux, Apache, Mysql
# CVE: CVE-2022-30003 (RESERVED)
# Vendor: oretnom23
# Version: v1.0
# Exploit Description:
# Online Market Place Site v1.0 suffers from an authenticated stored Cross-Site Scripting (XSS) vulnerability allowing attackers to register
# as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields.

To reporduce:

1. Sign as a Seller (or create an account) then add a product by navigating to 'Products' > 'Add New'.

2. Add an XSS payload (e.g. <script>alert(1)</script>) within the 'Product Title' and/or 'Short Description' fields.

3. Click 'SAVE' - the XSS payload(s) will be executed immediately or anytime the product is viewed.

Related Posts