# Exploit Title: AmazCart – Laravel Ecommerce System CMS 3.4 – ‘Search’ Cross-Site-Scripting — Reflected (AJAX)
# Date: 17/01/2023
# Exploit Author: Sajibe Kanti
# Vendor Name: CodeThemes
# Vendor Homepage:
# Software Link:
# Version: 3.4
# Tested on: Live Demo
# Demo Link :

# Description #

AmazCart – Laravel Ecommerce System CMS 3.4 is vulnerable to reflected
cross-site scripting because user-supplied data is insufficiently
sanitized. Anyone can submit a reflected XSS payload, without logging in,
when searching for a new product in the search bar. The application
reflects the payload in the frontend search bar, and it fires every time
the search history is viewed.

# Proof of Concept (PoC) : Exploit #

1) Go to:
2) Enter the following payload in the ‘Search Item’ box: "><script>alert(1)</script>
3) An alert popup showing 1 appears
4) The reflected XSS payload has fired
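
The fix for this class of bug is to encode the search term for the HTML context it is written into. The following is an added example, not AmazCart code or code from the advisory: it puts a concatenating renderer beside an encoding one and checks both against the alert(1) string from the steps above. The function names and the `keyword` field name are assumptions made for illustration.

```javascript
// Added example: hypothetical rendering helpers, not taken from AmazCart.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the search term is concatenated into markup as-is,
// so a leading "> closes the value attribute and the input tag.
function renderSearchBoxUnsafe(term) {
  return '<input type="text" name="keyword" value="' + term + '">';
}

// Hardened pattern: the term is encoded for the HTML attribute context.
function renderSearchBoxSafe(term) {
  return '<input type="text" name="keyword" value="' + escapeHtml(term) + '">';
}

// Hardened rendering of a search-history list returned by an AJAX call.
function renderHistorySafe(terms) {
  return '<ul>' + terms.map((t) => '<li>' + escapeHtml(t) + '</li>').join('') + '</ul>';
}

// Regression check: true when the output contains any tag that the
// template itself does not emit, i.e. reflected input became markup.
function introducesMarkup(html, allowedTags) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !allowedTags.includes(t.replace(/[<\/]/g, '').toLowerCase()));
}

// Constructed sample input: the string from the PoC steps.
const pocTerm = '"><script>alert(1)</script>';

console.log(introducesMarkup(renderSearchBoxUnsafe(pocTerm), ['input']));
console.log(introducesMarkup(renderSearchBoxSafe(pocTerm), ['input']));
```

In a Laravel Blade template the same encoding is what `{{ $term }}` applies by default, while `{!! $term !!}` writes the value unescaped.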

# Image PoC : Reference Image #

1) Payload Fired:
