Super Store Finder 3.3 Cross Site Scripting

2020.11.23
Credit: Eagle Eye
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

######################################################################################
# Exploit type : XSS INJECTION
# Exploit title : Super Store Finder Add location XSS Injection
# Descriptions : XSS injection from adding store
#                and reflected XSS in SQL error login page
# PHP Script affected : Super Store Finder | Mega Locator
# Plugin URI : http://www.superstorefinder.net/
# Version : 3.3 and Below
# Exploit Author : Eagle Eye
# Plugin Author : Joe Iz
# Tested On : Windows
# Date : 11/14/2020
# Vuln Page : <website>/superstorefinder/admin/
#             <website>/superstorefinder/newstore.php
#             <website>/megalocator/admin/
# Payload(admin login) : ' <script>alert(1);</script>
#######################################################################################
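A mitigation sketch for the two issues the advisory names (input reflected in the admin login's SQL error, and script stored through the add-store form), added here as an example and not taken from Super Store Finder's code. The `users` table, its columns, the function names and the in-memory SQLite database (requires the pdo_sqlite extension) are assumptions for illustration.

```php
<?php
// Added example: NOT Super Store Finder source. Table, columns and function
// names are hypothetical; in-memory SQLite stands in for the real database.

// Encode a value for an HTML text or quoted-attribute context.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Bound parameter: a quote in the input cannot break the statement,
// so the payload never produces an SQL error in the first place.
function find_user(PDO $db, string $username): ?array {
    $stmt = $db->prepare('SELECT username, pass_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Returns the HTML fragment for a login attempt. Database errors are logged
// server-side; the browser only ever receives a fixed message.
function login_message(PDO $db, string $username, string $password): string {
    try {
        $user = find_user($db, $username);
    } catch (PDOException $ex) {
        error_log('login query failed: ' . $ex->getMessage());
        return '<p class="error">Login failed.</p>';
    }
    if ($user === null || !password_verify($password, $user['pass_hash'])) {
        return '<p class="error">Login failed.</p>';
    }
    return '<p>Welcome, ' . e($user['username']) . '</p>';
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pass_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The advisory's login payload is handled as data: no SQL error, nothing reflected.
echo login_message($db, "' <script>alert(1);</script>", 'x'), "\n";
echo login_message($db, 'admin', 'correct horse'), "\n";

// A stored store name (constructed value) is encoded at output time as well.
echo '<li>', e("' <script>alert(1);</script>"), "</li>\n";
```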



Copyright 2021, cxsecurity.com

 
