Online Market Place Site version 1.0 suffers from a persistent cross site scripting vulnerability.
advisories | CVE-2022-30003
# Exploit Title: Online Market Place Site v1.0 - Stored Cross-Site Scripting (XSS)
# Exploit Author: Joe Pollock
# Date: September 03, 2022
# Vendor Homepage: https://www.sourcecodester.com/php/15273/online-market-place-site-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/omps.zip
# Tested on: Kali Linux, Apache, Mysql
# CVE: CVE-2022-30003 (RESERVED)
# Vendor: oretnom23
# Version: v1.0
# Exploit Description:
# Online Market Place Site v1.0 suffers from an authenticated stored Cross-Site Scripting (XSS) vulnerability allowing attackers to register
# as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields.
1. Sign as a Seller (or create an account) then add a product by navigating to 'Products' > 'Add New'.
2. Add an XSS payload (e.g. <script>alert(1)</script>) within the 'Product Title' and/or 'Short Description' fields.
3. Click 'SAVE' - the XSS payload(s) will be executed immediately or anytime the product is viewed.