Ora School Suite - Ultimate school management system v5.0 Stored XSS Injection

2019.04.25
Credit: QUIXSS (RU)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[*] :: Title: Ora School Suite - Ultimate school management system v5.0 Stored XSS Injection
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-25
[*] :: Software: Ora School Suite - Ultimate school management system v5.0

[?] :: Technical Details & Description:
# Weak security measures, such as poor filtering of input field data, have been discovered in the «Ora School Suite - Ultimate school management system». The current version of this web application is 5.0.

[?] :: Demo Website:
# https://codecanyon.net/item/schoex-ultimate-school-management-system/9797830
# Backend: http://demo.solutionsbricks.com/schoex/
# Login/Password (admin): admin/admin123

[!] :: Special Note:
# The author of this web application was warned about the bad security measures. Nothing has changed.

[!] :: For developers:
# Disabling data changes on demo websites doesn't make your applications more secure. It's good for business and sales, but you are simply double-crossing your clients.

[+] :: PoC [Links]:
# http://demo.solutionsbricks.com/schoex/

[+] :: PoC [Stored XSS Injection]:
# Authorize on the demo website for tests, then go to the http://demo.solutionsbricks.com/schoex/portal#/frontend/settings page, select the third tab «Direitos autorais do rodapé» (footer copyright settings) and use your payload in the «Direitos autorais deixados» field. Save the data and you'll see that the XSS filter is not triggered and your payload is successfully injected.
# Sample payload: <img src="x" onerror="alert('QUIXSS');">

References:

https://codecanyon.net/item/schoex-ultimate-school-management-system/9797830
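The fix for a stored value like the footer copyright field is to encode it wherever it is rendered. The sketch below is an added example, not code from Ora School Suite or from the advisory author; the function names and the small tag allowlist are assumptions made for illustration. It escapes the stored value, restores only attribute-free allowlisted tags, and flags already-saved values that contain anything else.

```javascript
// Added example: function and constant names are hypothetical, not Ora School Suite code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, attribute or entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed policy: a footer line may use these inline tags, never with attributes.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'br']);

// Escape the stored value first, then restore only attribute-free allowlisted tags.
function renderFooterCopyright(stored) {
  return escapeHtml(stored).replace(
    /&lt;(\/?)([a-z]+)\s*(\/?)&gt;/gi,
    (match, close, tag, selfClose) => {
      const name = tag.toLowerCase();
      return ALLOWED_TAGS.has(name) ? `<${close}${name}${selfClose}>` : match;
    }
  );
}

// Audit helper for values already saved: anything still escaped after rendering
// was markup outside the policy (or a stray "<") and deserves a manual look.
function needsReview(stored) {
  return renderFooterCopyright(stored).includes('&lt;');
}

// Constructed sample rows; the second value is the sample payload from the advisory.
const storedFooters = [
  '© 2019 <b>Example School</b><br/>',
  `<img src="x" onerror="alert('QUIXSS');">`,
];
for (const value of storedFooters) {
  console.log(needsReview(value) ? 'REVIEW' : 'ok    ', renderFooterCopyright(value));
}
```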


Copyright 2019, cxsecurity.com

 
