[*] :: Title: Ora School Suite - Ultimate school management system v5.0 Stored XSS Injection [*] :: Author: QUIXSS [*] :: Date: 2019-04-25 [*] :: Software: Ora School Suite - Ultimate school management system v5.0 [?] :: Technical Details & Description: # Weak security measures like bad input fields data filtering has been discovered in the «Ora School Suite - Ultimate school management system». Current version of this web-application is 5.0. [?] :: Demo Website: # https://codecanyon.net/item/schoex-ultimate-school-management-system/9797830 # Backend: http://demo.solutionsbricks.com/schoex/ # Login/Password (admin): admin/admin123 [!] :: Special Note: # Author of this web-application was warned about bad security measures. Nothing has changed. [!] :: For developers: # Disabling any data changes on a demo websites doesn't make your applications more secure. It's good for business and sales but you are simply double-crossing your clients. [+] :: PoC [Links]: # http://demo.solutionsbricks.com/schoex/ [+] :: PoC [Stored XSS Injection]: # Authorize on the demo website for tests, then go to http://demo.solutionsbricks.com/schoex/portal#/frontend/settings page, select the third tab «Direitos autorais do rodapé» (footer copyright settings) and use your payload in the «Direitos autorais deixados» field. Save the data and then you'll see that XSS filter is not triggered and your payload is successfully injected. # Sample payload: <img src="x" onerror="alert('QUIXSS');">