######################################################################
[+] Title: Script Question2Answer 1.7 - Stored XSS Vulnerability
[+] Author: s0w
[+] Tested On Windows & Linux
[+] Date: 21/03/2015
[+] Type: Web Application
[+] Script Download: https://github.com/q2a/question2answer
[+] Vendor Homepage: http://www.question2answer.org
[+] Vulnerability in:\qa-include\pages\question.php
[+] Google Dork : intext:"Powered by Question2Answer"
#######################################################################
[+] As shown in the code, the value of 'title' and 'textbody' not filtered
by 'htmlspecialcharts'
which cause stored xss and same in data-store in webserver SQL commands
.
[+] Exploit :
1. Browse application in browser ..
2. Add new question with xss code like alert method ;)
3. submit the new question to viewers ..
4. complete next steps as xss in tag,body,title,.. etc ..
5. Finally submit your Qes ..
6. Test your target in main page ./index.php ..
7. Use this in Cookies,alerts, Or TrafficBots :D Have Fun !!
[+] XSS Pattern can be used: '"<script>alert(/s0w/)</script>
[+] Demo Video : http://youtu.be/6qy9DXifNiw
[+] Demo Target :
http://soualwjoab.com/
# Discovered By: s0w
# Contact: fb.me/s0w.egy
# Mail: s0wxp0c@gmail.com
?#? Greetz? To Egyptian Shell team | Sec4ever ?#