
Zen Cart v1.3.8a stored XSS

Author: N0 Feel, Published: 23-09-2014
# Exploit Title: zen cart v1.3.8a stored xss 
# Google Dork: ur mind better than me :p
# Exploit Author: N0 Feel
# Vendor Homepage: http://www.zen-cart.com/
# Version: v1.3.8a
# Tested on: win7

- Zen Cart suffers from stored XSS in the admin panel

localhost/zcart/admin/categories.php

- click new category
- inject js/html into "Categories Description"
- go to the site and open your category by name
- B00m :D

# this vuln is in the admin panel -_- ?

you can hack the site's users with a browser exploit or some other way
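
A defensive check for the issue described above, added here as an example and not part of the original advisory: it audits stored category descriptions for markup that would execute in a visitor's browser. The (id, description) row format and the sample rows are constructed assumptions; exporting the descriptions from the store's database is left to the operator.

```python
from html.parser import HTMLParser

# Elements that run, embed or redirect content; flagged conservatively.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "math", "base", "meta", "link", "form"}
# URL-bearing attributes where a script scheme executes code.
URL_ATTRS = {"href", "src", "action", "formaction", "data", "xlink:href"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveContentFinder(HTMLParser):
    """Collects reasons a stored description would run or load active content."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag/attribute names and decodes entities in values.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"handler:{name}")
            elif name in URL_ATTRS and value:
                # Browsers ignore whitespace and control characters in the scheme.
                scheme = "".join(c for c in value if c > " ").lower()
                if scheme.startswith(BAD_SCHEMES):
                    self.findings.append(f"url:{name}")


def audit(rows):
    """Return {category_id: [findings]} for rows whose description is not inert."""
    flagged = {}
    for category_id, description in rows:
        finder = ActiveContentFinder()
        finder.feed(description or "")
        finder.close()
        if finder.findings:
            flagged[category_id] = finder.findings
    return flagged


# Constructed sample rows (id, description); not data from the advisory.
SAMPLE_ROWS = [
    (1, "<p>Hand-made <b>leather</b> goods</p>"),
    (2, "<script>alert(1)</script>Sale"),
    (3, '<img src="x.png" OnError="alert(1)">'),
    (4, '<a href=" java&#115;cript:alert(1)">more</a>'),
    (5, "Plain text with 2 < 3 comparison"),
]
```

A flagged row is a reason to review who edited that category; the lasting fix is to encode or allowlist-sanitize the description when it is rendered on the storefront.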
