This exploit demonstrates a stored XSS vulnerability in AbanteCart 1.2.7 by bypassing default input sanitization via base64-encoded payloads in the `__e` parameter. The PoC shows how to inject malicious JavaScript into an order's address field.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:AbanteCart 1.2.7
Auth required
Prerequisites:Access to create an order in AbanteCart · Ability to intercept/modify HTTP requests (e.g., Burp Suite)