Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting

vendor:

Savsoft Quiz 5

by:

strider

7.5

CVSS

HIGH

Persistent Cross-Site Scripting

CWE

Product Name: Savsoft Quiz 5

Affected Version From: 5.0

Affected Version To: 5.0

Patch Exists: NO

Related CWE: N/A

CPE: a:savsofts:savsoftquiz_v5

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Ubuntu 20.04 LTS / Kali Linux

2021

Savsoft Quiz 5 – ‘User Account Settings’ Persistent Cross-Site Scripting

The vulnerability is found at the user settings page where the user can change his name and his login credentials. Its possible to inject html/js into the fields which will be executed after pressing submit.

Mitigation:

Input validation and sanitization should be implemented to prevent malicious code injection.

Source

Exploit-DB raw data:

# Exploit Title: Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting
# Date: 2021-05-04
# Exploit Author: strider
# Software Link: https://github.com/savsofts/savsoftquiz_v5
# Vendor: https://savsoftquiz.com
# Version: 5.0
# Tested on: Ubuntu 20.04 LTS / Kali Linux

====================================[Description]====================================
The vulnerability is found at the user settings page where the user can change his name and his login credentials. its possible to inject html/js into the fields which will be executed after pressing submit.


====================================[Proof of Concept]====================================
If you installed this software create a new user or you can use the default user shown in the install description

test-link:
http://192.168.1.109/index.php/user/edit_user/<userid>

step1)
login into an account

step2)
click on the top right on you account name and navigate to "My Account"

step3)
insert 

"><script>alert(document.cookie);</script>

into the fields and hit submit

boom!