Question2Answer 1.7 Cross Site Scripting

2015.03.25
Credit: s0w
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

######################################################################
[+] Title: Script Question2Answer 1.7 - Stored XSS Vulnerability
[+] Author: s0w
[+] Tested On Windows & Linux
[+] Date: 21/03/2015
[+] Type: Web Application
[+] Script Download: https://github.com/q2a/question2answer
[+] Vendor Homepage: http://www.question2answer.org
[+] Vulnerability in: \qa-include\pages\question.php
[+] Google Dork : intext:"Powered by Question2Answer"
#######################################################################

[+] As shown in the code, the values of 'title' and 'textbody' are not filtered with 'htmlspecialchars', which causes stored XSS, and the same applies to the data stored by the web server's SQL commands.

[+] Exploit :
1. Browse the application in a browser ..
2. Add a new question with XSS code like the alert method ;)
3. Submit the new question to viewers ..
4. Complete the next steps as XSS in tag, body, title, .. etc ..
5. Finally submit your question ..
6. Test your target in the main page ./index.php ..
7. Use this in Cookies, alerts, or TrafficBots :D

Have Fun !!

[+] XSS Pattern can be used: '"<script>alert(/s0w/)</script>

[+] Demo Video : http://youtu.be/6qy9DXifNiw
[+] Demo Target : http://soualwjoab.com/

# Discovered By: s0w
# Contact: fb.me/s0w.egy
# Mail: s0wxp0c@gmail.com
# Greetz To Egyptian Shell team | Sec4ever
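
The missing output encoding the advisory describes, shown next to a hardened form with a small regression check. This is an added example, not Question2Answer's code or the advisory author's; the function names and the sample row are hypothetical and constructed for illustration, and only the field names 'title' and 'textbody' and the test pattern come from the advisory.

```php
<?php
// Added example: not Question2Answer code. Function names are hypothetical.

// Encode untrusted text for HTML element content and quoted attribute values.
function esc_html(string $value): string
{
    // ENT_QUOTES encodes both ' and ", so a value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 'Before' form: stored values are concatenated into markup unchanged.
function render_question_unsafe(array $q): string
{
    return '<h1 title="' . $q['title'] . '">' . $q['title'] . "</h1>\n"
         . '<div class="body">' . $q['textbody'] . "</div>\n";
}

// Hardened form: every stored field is encoded at the point of output.
function render_question_safe(array $q): string
{
    return '<h1 title="' . esc_html($q['title']) . '">' . esc_html($q['title']) . "</h1>\n"
         . '<div class="body">' . nl2br(esc_html($q['textbody'])) . "</div>\n";
}

// Regression check: true when no stored value reached the page as a live tag.
function is_neutralised(string $html): bool
{
    return stripos($html, '<script') === false;
}

// Constructed sample row, using the pattern quoted in the advisory.
$stored = [
    'title'    => '\'"<script>alert(/s0w/)</script>',
    'textbody' => "first line\n<script>alert(/s0w/)</script>",
];

// Report the check result for each rendering, then show the encoded markup.
var_dump(is_neutralised(render_question_unsafe($stored)));
var_dump(is_neutralised(render_question_safe($stored)));
echo render_question_safe($stored);
```

Encoding at output time, rather than only when the question is saved, also covers rows that were stored before the fix.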

