Question2Answer 1.7 Cross Site Scripting

`######################################################################  
[+] Title: Script Question2Answer 1.7 - Stored XSS Vulnerability  
[+] Author: s0w  
[+] Tested On Windows & Linux  
[+] Date: 21/03/2015  
[+] Type: Web Application  
[+] Script Download: https://github.com/q2a/question2answer  
[+] Vendor Homepage: http://www.question2answer.org  
[+] Vulnerability in:\qa-include\pages\question.php  
[+] Google Dork : intext:"Powered by Question2Answer"  
#######################################################################  
  
[+] As shown in the code, the value of 'title' and 'textbody' not filtered  
by 'htmlspecialcharts'  
which cause stored xss and same in data-store in webserver SQL commands  
.  
  
[+] Exploit :  
1. Browse application in browser ..  
2. Add new question with xss code like alert method ;)  
3. submit the new question to viewers ..  
4. complete next steps as xss in tag,body,title,.. etc ..  
5. Finally submit your Qes ..  
6. Test your target in main page ./index.php ..  
7. Use this in Cookies,alerts, Or TrafficBots :D Have Fun !!  
  
[+] XSS Pattern can be used: '"<script>alert(/s0w/)</script>  
[+] Demo Video : http://youtu.be/6qy9DXifNiw  
[+] Demo Target :  
http://soualwjoab.com/  
  
# Discovered By: s0w  
# Contact: fb.me/s0w.egy  
# Mail: [email protected]  
  
‪#‎ Greetz‬ To Egyptian Shell team | Sec4ever ‪#  
`