|===========================================================================
| # Exploit Title : UserPanel Cross-Site-Scripting (XSS) Vulnerability
|
| # Author : Ali Seddigh
|
| # Category : Web Application
|
| # Google Dork : -
|
| # Software Link : https://www.ziponline.ir
|
| # Tested on : [ Windows ~> 10 , Kali Linux ]
|
| # Vulnerable Path : https://www.ziponline.ir/panel
|
| # Date : 2021-03-29
|===========================================================================
| # XSS Type : Stored [UserPanel]
| # Vulnerability Method : _POST
|
| # Proof of Concept :
| # Step1 : Register on Website [www.ziponline.ir/register]
| # Step2 : Log in to UserPanel [www.ziponline.ir/login]
| # Step3 : Enter The Script into InfoPanel [www.ziponline.ir/panel/profile]
| # Step4 : The Script Executes on UserPanel [www.ziponline.ir/panel]
|===========================================================================
| # Payload Script :
| # <script>alert("XSS")</script>
| # <script>alert(document.cookie)</script>
|===========================================================================
| # Discovered By : Ali Triplex
|===========================================================================
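
The fix for the stored XSS described above, as an added example that is not part of the original advisory and not the site's own code: a profile value rendered unescaped beside the output-encoded version, plus response headers that blunt the document.cookie payload. The `info` field name, the renderer functions and the cookie name are assumptions made for illustration.

```javascript
// Added example: constructed profile renderer, not the application's real code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored value is concatenated into the page unchanged,
// so markup saved through the profile form runs when the panel loads.
function renderPanelVulnerable(profile) {
  return `<div class="info">${profile.info}</div>`;
}

// "After": encode at output time for the HTML-body context.
function renderPanelSafe(profile) {
  return `<div class="info">${escapeHtml(profile.info)}</div>`;
}

// Defence in depth: HttpOnly keeps the session cookie out of document.cookie,
// and a CSP without 'unsafe-inline' refuses inline <script> blocks.
function responseHeaders(sessionId) {
  return {
    "Set-Cookie": `session=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`,
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
  };
}

// Constructed stored records holding the two payloads listed in the advisory.
const samples = [
  { info: '<script>alert("XSS")</script>' },
  { info: "<script>alert(document.cookie)</script>" },
];

for (const p of samples) {
  console.log("vulnerable:", renderPanelVulnerable(p));
  console.log("hardened:  ", renderPanelSafe(p));
}
console.log(responseHeaders("constructed-session-id"));
```

Encoding has to happen wherever the stored value is written into HTML, not only when the profile form is submitted, because the value is rendered later on a different page.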