# Exploit Title: Online Shopping Cross-Site Scripting (XSS) # Date: 20/12/2021 # Exploit Author: Shivani Bhavsar # Vendor Homepage: https://phpgurukul.com # Software Link: https://phpgurukul.com/shopping-portal-free-download/ # Version: V 3.1 # Tested on: Windows 11 ==> Stored Cross-Site Scripting XSS: An attacker exploits Stored XSS to inject malicious content (referred to as the payload) into the target application, most commonly JavaScript code. This harmful code is permanently kept if there is no input validation. (Storage) by the target programme, such as in a database. For An attacker could, for example, insert a malicious script into a user input area. For example, in a blog comment area or a forum post. The XSS attack occurs when a victim opens the compromised web page in a browser. The payload is delivered to the victim's browser as part of the HTML code (just like the rest of the HTML code). (In the same way as a legitimate comment would). As a result, victims will end up. when the page is accessed on their browser, the malicious script is executed ==> Attack Vendor: Because of this vulnerability, an attacker can inject an XSS payload into the Admin profile area, and the XSS will activate every time the admin visits any other portion of the application, allowing the attacker to steal the cookie according to the constructed payload. ==> Vulnerable Parameters: "Admin name" parameter ==> Steps for reproduce: 1) Go to http://localhost/OnlineShopping/shopping/my-cart.php and logged In as an Admin (#Username: admin #Password: Test@123). 2) Click on (Admin --> Profile). In the profile page go to My cart .Enter the payload in Shipping State: = "><script>alert(123)</script> Click on submit. 3) Now, whichever section of the application admin visits the payload gets executed successfully.