POC details: 35a566d6dbc5d1576e602d552acec05b71367df6

Source
Related vulnerability
Title: PHPGurukul Online Shopping Portal security vulnerability (CVE-2025-57576)
Description: PHPGurukul Online Shopping Portal is an online store from PHPGurukul. PHPGurukul Online Shopping Portal version 2.1 contains a security vulnerability: /admin/updateorder.php is susceptible to cross-site scripting attacks.
Description
This is an EXP for CVE-2025-57576. PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php
Introduction
# Description
PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php.

# Vulnerability Overview
1. Vulnerability Type: Stored Cross-Site Scripting (XSS)  
2. Affected Product: Online Shopping Portal Project - 2.1  
3. Affected Component: /shopping/admin/updateorder.php?oid=0  
4. Attack Type: Stored Cross-Site Scripting (XSS)

# Steps to Reproduce

1. Set up the application: install and configure the vulnerable version (v2.1) on a local server. Download it from here:  
``https://phpgurukul.com/shopping-portal-free-download/``  
![](./11.png)
2. Log in to the system: use the default credentials provided by PHPGurukul.  
``admin/Test@123``  

3. Access the vulnerable functionality: /shopping/admin/updateorder.php?oid=0  
![](./22.png)  
4. Paste the code below into content, choose the Status 'In Process', then click update.  
``<script>alert(1)</script>``  
![](./33.png)  
![](./44.png)  
![](./55.png)  
5. Return to /shopping/admin/updateorder.php?oid=0 to see the Stored Cross-Site Scripting (XSS).
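
The behaviour in the steps above is what a page shows when it writes stored text back into HTML without encoding it. The following is an added example (not code from this README or from PHPGurukul) of the corresponding fix in PHP: allow-list the status on input and HTML-encode every stored value on output. The field names `status` and `remark`, the `Delivered` status and the 500-byte limit are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the application's code. Field names and the status list
// are assumptions, except 'In Process', which the steps above mention.
const ALLOWED_STATUSES = ['In Process', 'Delivered'];

/** Encode untrusted text for an HTML element or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate the update form on input: allow-list the status, bound the text. */
function validate_update(array $post): array
{
    $status = (string)($post['status'] ?? '');
    $remark = trim((string)($post['remark'] ?? ''));
    if (!in_array($status, ALLOWED_STATUSES, true)) {
        throw new InvalidArgumentException('unknown status');
    }
    if ($remark === '' || strlen($remark) > 500) {   // length in bytes
        throw new InvalidArgumentException('remark must be 1-500 bytes');
    }
    // The text is stored verbatim; encoding belongs to the output step.
    return ['status' => $status, 'remark' => $remark];
}

/** Render one stored row; every dynamic value passes through e(). */
function render_history_row(array $row): string
{
    return sprintf(
        "<tr><td>%s</td><td>%s</td></tr>\n",
        e($row['status']),
        e($row['remark'])
    );
}

// Constructed sample: the value submitted in step 4 of the README.
$stored = validate_update([
    'status' => 'In Process',
    'remark' => '<script>alert(1)</script>',
]);

if (!headers_sent()) {
    // Defence in depth: disallow inline scripts even if an encode is missed.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}
echo render_history_row($stored);
```

With the encoding applied at output, the stored value reaches the browser as text inside the table cell rather than as a script element.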

# Link
``https://phpgurukul.com/shopping-portal-free-download/``


File snapshot

[4.0K] /data/pocs/35a566d6dbc5d1576e602d552acec05b71367df6
├── [ 27K] 11.png
├── [ 39K] 22.png
├── [ 47K] 33.png
├── [ 57K] 44.png
├── [ 55K] 55.png
├── [ 20M] Online-Shopping-Portal-project-V2.0.part1.rar
├── [ 10M] Online-Shopping-Portal-project-V2.0.part2.rar
└── [1.1K] README.md

0 directories, 8 files