Skip to content

Instantly share code, notes, and snippets.

@influxweb

influxweb/ACLN.html

Created January 11, 2021 17:04
Show Gist options
  • Save influxweb/3e79d9aae3758879fe8c1f78914f8628 to your computer and use it in GitHub Desktop.
Save influxweb/3e79d9aae3758879fe8c1f78914f8628 to your computer and use it in GitHub Desktop.
Download ZIP
Shadows v1: Account XSS
Raw
ACLN.html
<mvt:item name="html_profile" />
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<base href="&mvt:global:basehref;">
<mvt:if expr="NOT ISNULL l.settings:page:title">
<title>&mvt:page:title;</title>
<mvt:else>
<title>&mvt:store:name;: &mvt:page:name;</title>
</mvt:if>
<mvt:item name="head" param="css_list" />
<mvt:item name="head" param="head_tag" />
</head>
<body id="js-&mvte:page:code;" class="o-site-wrapper t-page-&mvte:global:pageClass;">
<mvt:item name="hdft" param="global_header" />
<section class="o-layout">
<div class="o-layout__item">
<mvt:item name="hdft" param="header" />
<mvt:item name="readytheme" param="contentsection( 'messages' )" />
</div>
</section>
<section class="o-layout o-layout--column-reverse o-layout--row-reverse--l">
<div class="o-layout__item u-width-12 u-width-9--l">
<div class="o-layout">
<div class="o-layout__item u-width-12 u-width-6--m">
<section class="t-account-landing-section">
<div class="o-layout__item u-width-12 u-bg-gray-10 u-text-bold u-text-uppercase">
<div class="o-layout o-layout--align-center o-layout--justify-between">
<span class="o-layout__item c-heading-echo">Personal Information</span>
<span class="o-layout__item u-text-right">
<a class="c-button c-button--huge u-bg-gray-30 u-color-white u-font-small" href="&mvte:urls:ACED:auto;" title="Update Your Information">Edit</a>
</span>
</div>
</div>
<div class="o-layout__item u-width-12 t-account-landing-section__content">
<table class="o-table c-table-simple u-font-small u-text-bold">
<tr>
<td class="c-table-simple__cell u-color-gray-30 u-text-uppercase">Name</td>
<td class="c-table-simple__cell">&mvte:global:customer:ship_fname; &mvte:global:customer:ship_lname;</td>
</tr>
<tr>
<td class="c-table-simple__cell u-color-gray-30 u-text-uppercase">Email</td>
<td class="c-table-simple__cell">&mvte:global:customer:ship_email;</td>
</tr>
<tr>
<td class="c-table-simple__cell u-color-gray-30 u-text-uppercase">Password</td>
<td class="c-table-simple__cell">
<a class="u-color-gray-50 u-text-uppercase" href="&mvte:urls:CPWD:secure;" title="Change Your Password">Change Password</a>
</td>
</tr>
</table>
</div>
</section>
</div>
<mvt:if expr="l.settings:paymentsettings:mivapay:enabled">
<div class="o-layout__item u-width-12 u-width-6--m">
<section class="t-account-landing-section">
<div class="o-layout__item u-width-12 u-bg-gray-10 u-text-bold u-text-uppercase">
<div class="o-layout o-layout--align-center o-layout--justify-between">
<span class="o-layout__item c-heading-echo">Payment Options</span>
<span class="o-layout__item u-text-right">
<a class="c-button c-button--huge u-bg-gray-30 u-color-white u-font-small" href="&mvte:urls:CPCD:auto;" title="Manage Saved Cards">View All</a>
</span>
</div>
</div>
<div class="o-layout__item u-width-12 t-account-landing-section__content">
<mvt:item name="paymentcards" />
</div>
</section>
</div>
</mvt:if>
</div>
<section class="t-account-landing-section">
<div class="o-layout__item u-width-12 u-bg-gray-10 u-text-bold u-text-uppercase">
<div class="o-layout o-layout--align-center o-layout--justify-between">
<span class="o-layout__item c-heading-echo">Order History</span>
<span class="o-layout__item u-text-right">
<a class="c-button c-button--huge u-bg-gray-30 u-color-white u-font-small" href="&mvte:urls:ORDH:auto;" title="View All Orders">View All</a>
</span>
</div>
</div>
<div class="o-layout__item u-width-12 t-account-landing-section__content">
<mvt:item name="orderhistory_list" />
</div>
</section>
<section class="t-account-landing-section">
<div class="o-layout__item u-width-12 u-bg-gray-10 u-text-bold u-text-uppercase">
<div class="o-layout o-layout--align-center o-layout--justify-between">
<span class="o-layout__item c-heading-echo">Customer Credit</span>
<span class="o-layout__item u-text-right">
<a class="c-button c-button--huge u-bg-gray-30 u-color-white u-font-small" href="&mvte:urls:ABAL:auto;" title="Manage Account Balance">Manage</a>
</span>
</div>
</div>
<div class="o-layout__item u-width-12 t-account-landing-section__content">
<form method="post" action="&mvte:urls:_self:secure;" autocomplete="off">
<fieldset>
<legend>&mvt:page:name;</legend>
<input type="hidden" name="Action" value="RDGC" />
<div class="o-layout o-layout--align-bottom o-layout--justify-around">
<div class="o-layout__item u-width-12 u-width-3--l">
<div class="c-form-list">
<div class="c-form-list__item u-text-center">
<span class="u-color-gray-30 u-font-tiny u-text-bold u-text-uppercase">Current Credit Amount</span><br>
</div>
<div class="c-form-list__item c-control-group u-flex">
<a class="c-button c-button--full c-button--small u-bg-gray-10 u-color-gray-50 u-font-large u-text-bold" href="&mvte:urls:ABAL:auto;" title="Manage Account Balance">&mvt:customer:formatted_credit;</a>
</div>
</div>
</div>
<div class="o-layout__item u-width-12 u-width-5--l">
<div class="c-form-list">
<div class="c-form-list__item">
<label class="c-form-label u-color-gray-30 u-font-small u-hide-visually u-text-bold u-text-uppercase" for="GiftCertificate_Code">Enter Gift Certificate Code</label>
</div>
<div class="c-form-list__item c-form-list__item--full c-control-group u-flex">
<input id="GiftCertificate_Code" class="c-form-input c-form-input--large c-control-group__field u-bg-gray-10 u-border-none" type="text" name="GiftCertificate_Code" placeholder="Enter Code Here" value="&mvte:global:GiftCertificate_Code;" required>
<input class="c-button c-button--large c-control-group__button u-bg-gray-50 u-border-none u-font-small u-text-uppercase" type="submit" value="Apply">
</div>
</div>
</div>
</div>
</fieldset>
</form>
</div>
</section>
<section class="t-account-landing-section">
<div class="o-layout__item u-width-12 u-bg-gray-10 u-text-bold u-text-uppercase">
<div class="o-layout o-layout--align-center o-layout--justify-between">
<span class="o-layout__item c-heading-echo">Address Book</span>
<span class="o-layout__item u-text-right">
<a class="c-button c-button--huge u-bg-gray-30 u-color-white u-font-small" href="&mvte:urls:CABK:auto;" title="View All Addresses">View All</a>
</span>
</div>
</div>
<div class="o-layout__item u-width-12 t-account-landing-section__content">
<mvt:item name="addressbook" />
</div>
</section>
<section class="t-account-landing-section">
<div class="o-layout__item u-width-12 u-bg-gray-10 u-text-bold u-text-uppercase">
<div class="o-layout o-layout--align-center o-layout--justify-between">
<span class="o-layout__item c-heading-echo">Wish Lists</span>
<span class="o-layout__item u-text-right">
<a class="c-button c-button--huge u-bg-gray-30 u-color-white u-font-small" href="&mvte:urls:WLST:auto;" title="View All Wish Lists">View All</a>
</span>
</div>
</div>
<div class="o-layout__item u-width-12 t-account-landing-section__content">
<mvt:if expr="NOT l.settings:customerwishlists:wishlist_count GT 0">
<p class="x-messages x-messages--info">No wish lists found.</p>
<mvt:else>
<table class="o-table o-table-borderless c-table-simple">
<tbody>
<mvt:assign name="l.settings:wishlist_count" value="0" />
<mvt:foreach iterator="wishlist" array="customerwishlists:wishlists">
<mvt:assign name="l.settings:wishlist_count" value="l.settings:wishlist_count + 1" />
<mvt:if expr="l.settings:wishlist_count GT 4">
<tr class="c-table-simple__row">
<td class="c-table-simple__cell" colspan="2">
<a class="u-color-gray-50 u-font-tiny u-text-uppercase" href="&mvte:urls:WLST:auto;" title="View All Wish Lists">more &hellip;</a>
</td>
</tr>
<mvt:foreachstop />
</mvt:if>
<tr class="c-table-simple__row u-font-small">
<td class="c-table-simple__cell">
<a class="u-color-gray-50 u-text-underline" href="&mvte:urls:WISH:rr_sep;WishList_ID=&mvta:wishlist:id;">&mvte:wishlist:title;</a>
</td>
<td class="c-table-simple__cell">&mvte:wishlist:notes;</td>
</tr>
</mvt:foreach>
</tbody>
</table>
</mvt:if>
</div>
</section>
</div>
<aside class="o-layout__item u-width-12 u-width-3--l">
<mvt:item name="readytheme" param="navigationset( 'account_navigation' )" />
</aside>
</section>
<section class="o-layout">
<div class="o-layout__item">
<mvt:item name="hdft" param="footer" />
</div>
</section>
<mvt:item name="hdft" param="global_footer" />
</body>
</html>
Raw
CACT.html
<mvt:assign name="l.settings:new_customer:login" value="''" />
<mvt:assign name="l.settings:new_customer:pw_email" value="miva_html_strip(g.register_email, '')" />
<mvt:assign name="l.settings:new_customer:password" value="miva_html_strip(g.register_password, '')" />
<mvt:assign name="l.settings:new_customer:pgrpcount" value="0" />
<mvt:assign name="l.settings:new_customer:ship_fname" value="miva_html_strip(g.register_fname, '')" />
<mvt:assign name="l.settings:new_customer:ship_lname" value="miva_html_strip(g.register_lname, '')" />
<mvt:assign name="l.settings:new_customer:saved_password" value="l.settings:new_customer:password" />
<mvt:do file="g.Module_Feature_CUS_DB" name="l.settings:test" value="Customer_Load_Email(l.settings:new_customer:pw_email, l.settings:existing_customer)" />
<mvt:if expr="g.current_location">
<mvt:assign name="g.return_link" value="miva_html_strip(g.current_location, '')" />
<mvt:else>
<mvt:assign name="g.return_link" value="l.settings:urls:SFNT:rr_sep" />
</mvt:if>
<mvt:if expr="l.settings:existing_customer:id GT 0">
<mvt:comment>USER EXISTS</mvt:comment>
<mvt:assign name="g.Customer_Password" value="g.register_password" />
<mvt:assign name="g.Customer_LoginEmail" value="g.register_email" />
<mvt:do file="g.Module_Feature_CUS_RT" name="l.settings:login_success" value="Action_Customer_Login()" />
&mvte:global:MvDO_Error;
<mvt:if expr="g.Customer_Login_Invalid EQ 1 OR g.Customer_Password_Invalid EQ 1">
<mvt:else>
<meta http-equiv="refresh" content="0;url=&mvte:global:return_link;logon=1" />
</mvt:if>
<mvt:else>
<mvt:do file="g.module_library_utilities" name="g.is_valid_email" value="Email_Validate(l.settings:new_customer:pw_email)" />
<mvt:do file="g.Module_Feature_CUS_DB" name="l.settings:testPW" value="CustomerSettings_Load(l.customersettings)" />
<mvt:do file="g.Module_Admin" name="g.is_valid_pw" value="Validate_Password(l.customersettings, l.settings:new_customer:password)" />
<mvt:assign name="g.invalidEmailMessage" value="crypto_base64_encode('You have entered an invalid email address.')" />
<mvt:assign name="g.invalidPasswordMessage" value="crypto_base64_encode(g.Validation_Message)" />
<mvt:if expr="g.is_valid_email EQ 1 AND g.is_valid_pw EQ 1">
<mvt:do file="g.Module_Feature_CUS_UT" name="l.settings:test" value="CustomerLogin_Generate_Email(l.settings:new_customer:pw_email, l.settings:new_customer:login)" />
<mvt:do file="g.Module_Feature_CUS_DB" name="l.settings:test" value="Customer_Insert(l.settings:new_customer)" />
<mvt:assign name="g.Customer_Password" value="l.settings:new_customer:saved_password" />
<mvt:assign name="g.Customer_LoginEmail" value="l.settings:new_customer:pw_email" />
<mvt:do file="g.Module_Feature_CUS_RT" name="l.settings:login_success" value="Action_Customer_Login()" />
&mvte:global:MvDO_Error;
<meta http-equiv="refresh" content="0;url=&mvte:global:return_link;registration=1&NewAccount=1&Customer_ShipFirstName=&mvte:global:register_fname;" />
<mvt:elseif expr="g.is_valid_email EQ 0 AND g.is_valid_pw EQ 1">
<meta http-equiv="refresh" content="0;url=&mvte:global:return_link;registration=0&iem=&mvte:global:invalidEmailMessage;" />
<mvt:elseif expr="g.is_valid_email EQ 1 AND g.is_valid_pw EQ 0">
<meta http-equiv="refresh" content="0;url=&mvte:global:return_link;registration=0&ipm=&mvte:global:invalidPasswordMessage;" />
<mvt:else>
<meta http-equiv="refresh" content="0;url=&mvte:global:return_link;registration=0&iem=&mvte:global:invalidEmailMessage;&ipm=&mvte:global:invalidPasswordMessage;" />
</mvt:if>
</mvt:if>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment