[*] :: Title: EduFirm School & College Web Portal CMS Stored XSS Injection
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-27
[*] :: Software: EduFirm School & College Web Portal CMS
[?] :: Technical Details & Description:
# Weak security measures like no input fields data filtering has been discovered in the «EduFirm School & College Web Portal CMS».
[?] :: Demo Website:
# Frontend: http://scweb.businesswithtechnology.com/
# Backend: http://scweb.businesswithtechnology.com/login
# Login/Password: firstname.lastname@example.org/123
[!] :: Special Note:
# This CMS have a lot of settings, but many of them are blocked on the demo website. This doesn't mean that the web-application is secure.
[!] :: For developers:
# Disabling any data changes on a demo websites doesn't make your applications more secure. It's good for business and sales but you are simply double-crossing your clients.
[+] :: PoC [Links]:
[+] :: PoC [Stored XSS Injection]:
# Authorize on the demo website for tests, then go to any page with a text field or text box, f.e. http://scweb.businesswithtechnology.com/admin/settings/general
# Click on the «Header & Footer Scripts» tab, you'll see «Header Codes», «Footer Codes» and «Post Foot Codes» text areas. Use your payload in the first text area «Header Codes», f.e. <script>alert('QUIXSS');</script>, or stay on the «Admin & Branding» tab and inject your payload in the «Copyright©» text field. On the http://scweb.businesswithtechnology.com/admin/page page you can inject your payload in the «Title» field.
# Sample payload #1: <script>alert('QUIXSS')</script>
# Sample payload #2: <img src="x" onerror="window.location.replace('https://twitter.com/quixss');">